Extracted

Extracted

• • Target

    quote- AWT - 2019.15.07.exe

  • Size

    1.0MB

  • MD5

    27b06589ccae405f375812b6a183ab5e

  • SHA1

    8931c80fe91ffdd323de07e7763e2c110bb08aef

  • SHA256

    3ed398f02316edd3a2fd9afad8b4748f4b056ab659a8f22a8f4bbec361e9d19c

  • SHA512

    bf7e2433c6c6bb02cc5a8968316da3a2d7d5d658e3031d1b133f7719346235d24ceb5ef16629d90e49c1e6231490a8c903d7e59db2ee445ad01b122d28bba39f

  • SSDEEP

    24576:U1ZIJHZxeAaa3RSGKzso/vq5oOqLM2xl/f8h:U1ZIEosq5c/K

  Score

  10^/10

  modiloaderwarzoneratcollectioninfostealerpersistenceratspywarestealertrojan

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • ModiLoader Second Stage

  • Warzone RAT payload

    rat

  • Blocklisted process makes network request

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  • Suspicious use of SetThreadContext

  behavioral1behavioral2