Overview

overview

10

Static

static

1

Pabpuysmoiglbu.exe

windows7-x64

10

Pabpuysmoiglbu.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Quotation

  • Size

    268KB

  • Sample

    230418-s85syseb9t

  • MD5

    4e51a6372468335a3ff65982b8211957

  • SHA1

    c883029465f2bd5369af073d53b926d16f3be87f

  • SHA256

    c645400298e51e9fe7f9cbfc1bb6e0573fbde84bd3a6d7377e36f056a6af53f3

  • SHA512

    2ff1ea7321e2e08d2e17336bc4452fa4714af021dfeb3bdba131d05a58e45270625ab6bcddd15c8deeff8527a4d4413c8d6676527be285ae3af1bdf3bbde165d

  • SSDEEP

    6144:1TYaczyJvxO9OgG/5LtZ1R78r7M4F8MbqOgbumdvqBKnHs:ZpJO9OgUJfyfMu6Oadv3Hs

Score
10/10
modiloaderwarzoneratinfostealerpersistencerattrojan

Malware Config

Extracted

Family

warzonerat

C2

208.67.107.127:62641

Targets

    • Target

      Pabpuysmoiglbu.exe

    • Size

      695KB

    • MD5

      5ef3954750eb82f109e4a6c759ed45a7

    • SHA1

      9cc027099b26523cd217fd21bfd8fa44c4ba9af8

    • SHA256

      3b26d9ebfe673cc66d9cd8c3092cd649227686201d6391b8dc6e5cc3bda57fed

    • SHA512

      a517347f4bc1c6d75ef0dd7f61b38b34e8711a44359b63b497187470ff2f5ed96c421b7e0072415a3f5932d320a770fcf3ceb6ae8cffeb337a7e3b71a48251c1

    • SSDEEP

      12288:enGZwDJEET9iY7ED3FxwMueDDn/gUIDArfzaEGcNmdcW:enWZExiY4FN/Tr7znccW

    Score
    10/10
    modiloaderwarzoneratinfostealerpersistencerattrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • ModiLoader Second Stage

    • Warzone RAT payload

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks