modiloader | ab032688523c2d7c7d0c7e829a3761fe59797d0d9b24789c94b7d0a6e5e30c29 | Triage

Submit
Reports

Overview

overview

Static

static

1

Quotation ...ls.exe

windows7-x64

Quotation ...ls.exe

windows10-2004-x64

Sharing

General

Target

Quotation Request Reference Details.exe
Size

762KB
Sample

230324-r2eshsfb35
MD5

9e19382494ab766b05c90cad05588c9b
SHA1

6bd85f0c94574fa0f4d27e791c03871dc07776d6
SHA256

ab032688523c2d7c7d0c7e829a3761fe59797d0d9b24789c94b7d0a6e5e30c29
SHA512

cec2566575b6989166dbcda9fde97a56e7a9e0b21fc656259fb0ae6af77e8b404a336307bcd9492c73d01c883edcc834eceb44cd2167f86a649420214e79604a
SSDEEP

12288:JEkDmC7ekQVonF1Wp5j6cG7yXqMiHEVXhsdnfvkGUUmyyi8jXRy2Y36j:aUz4VoF1Wp8c8tMikVXhknfvSUmy4436

Score

10^/10

modiloader warzonerat collection infostealer persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

Quotation Request Reference Details.exe

Resource

win7-20230220-en

modiloader trojan

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

Quotation Request Reference Details.exe

Resource

win10v2004-20230221-en

modiloader warzonerat collection infostealer persistence rat trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

delta212.ddns.net:3072

Targets

- Target
  
  Quotation Request Reference Details.exe
- Size
  
  762KB
- MD5
  
  9e19382494ab766b05c90cad05588c9b
- SHA1
  
  6bd85f0c94574fa0f4d27e791c03871dc07776d6
- SHA256
  
  ab032688523c2d7c7d0c7e829a3761fe59797d0d9b24789c94b7d0a6e5e30c29
- SHA512
  
  cec2566575b6989166dbcda9fde97a56e7a9e0b21fc656259fb0ae6af77e8b404a336307bcd9492c73d01c883edcc834eceb44cd2167f86a649420214e79604a
- SSDEEP
  
  12288:JEkDmC7ekQVonF1Wp5j6cG7yXqMiHEVXhsdnfvkGUUmyyi8jXRy2Y36j:aUz4VoF1Wp8c8tMikVXhknfvSUmy4436
Score

10^/10

modiloader trojan warzonerat collection infostealer persistence rat
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- ModiLoader Second Stage
- Warzone RAT payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

modiloadertrojan

behavioral2

modiloaderwarzoneratcollectioninfostealerpersistencerattrojan

© 2018-2024

Terms | Privacy