Extracted

• • Target

    SecuriteInfo.com.Win32.PWSX-gen.20423.16567.exe

  • Size

    908KB

  • MD5

    30f5492ddedc404154ef35ff31b6901c

  • SHA1

    cfb9bacbd07ab8c9432a6158b1c876041b5a9946

  • SHA256

    16a3f220167bcdefd947617ea5f392677706f4d2a051bb03d0072bfdd42ac61b

  • SHA512

    b38392a6e4d9b2becd8b10299ff5320c219abc7eefc1c3f17b56e4940874411dae784e4cbd4a709921cc85d4f3e124c70909cbd9162d27261f7cb7ce7fd685b8

  • SSDEEP

    12288:s4wdAWeD2sm2IQrzSyVSdndweMbYWZ0QomdcKF4x8Vnnnnnnnnnnnnnnnnnnnnnr:tYAhs2NrzSyVSdn5wYW+GOQ0VzOt

  Score

  10^/10

  modiloadertrojanwarzoneratcollectioninfostealerpersistenceratspywarestealer

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • ModiLoader Second Stage

  • Warzone RAT payload

    rat

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence
  behavioral1behavioral2