modiloader | 969af9f6016a316693a0d710460a4b6576185a2907c999985f2642ef26889584

General

Target

Re Porforma Invoice 60 downpayment - PT Era F1909003 Project Kupang.exe
Size

718KB
Sample

230502-p8epzsbb47
MD5

eae3bd76ec42b738462cb746206550bc
SHA1

8f071fc96b3f464cd1fa1c63624c4e62270e22dc
SHA256

969af9f6016a316693a0d710460a4b6576185a2907c999985f2642ef26889584
SHA512

990a88710a4484bcc6b0c121a2089de282298d6f7bee46d2676a19658bc9ce1d5fd2fee3112aa7db2553ed39ddc80d1a28800665a2270462ea2316666d28c65f
SSDEEP

12288:v5l9W77bOltPah+3EwFE4303gWWAAT6JlK0Xh:vHcOAIy2T6FXh

Score

10^/10

Malware Config

Extracted

Family

warzonerat

C2

nightmare4666.ddns.net:3443

Targets

- Target
  
  Re Porforma Invoice 60 downpayment - PT Era F1909003 Project Kupang.exe
- Size
  
  718KB
- MD5
  
  eae3bd76ec42b738462cb746206550bc
- SHA1
  
  8f071fc96b3f464cd1fa1c63624c4e62270e22dc
- SHA256
  
  969af9f6016a316693a0d710460a4b6576185a2907c999985f2642ef26889584
- SHA512
  
  990a88710a4484bcc6b0c121a2089de282298d6f7bee46d2676a19658bc9ce1d5fd2fee3112aa7db2553ed39ddc80d1a28800665a2270462ea2316666d28c65f
- SSDEEP
  
  12288:v5l9W77bOltPah+3EwFE4303gWWAAT6JlK0Xh:vHcOAIy2T6FXh
Score

10^/10

modiloader trojan warzonerat infostealer persistence rat
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- ModiLoader Second Stage
- Warzone RAT payload
  rat
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

ModiLoader, DBatLoader

WarzoneRat, AveMaria

ModiLoader Second Stage

Warzone RAT payload

Executes dropped EXE

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2