modiloader | 3053553693c4a15f1ee58da1c55bf741707c7ca908ed8062da7d722529acb370

General

Target

eae3bd76ec42b738462cb746206550bc.bin
Size

347KB
Sample

230504-cracqahf38
MD5

83dc9518707b92b76497c2dad2f8cabf
SHA1

27b1d71bb0838c6a916aeefb152b090ba4706cb9
SHA256

3053553693c4a15f1ee58da1c55bf741707c7ca908ed8062da7d722529acb370
SHA512

3627f39120683061e6fe347d666cf2fa8be2513d78b5685724ca76a6794a3d4eb31fb54e30013b3ba227d8338080f31a843957c78bd081201206b06622979edb
SSDEEP

6144:D3rSl49/g1+wXF+GdgG5X/Ol9nTqOZJpxFjuRXz+9srMN8eT28Xlhq5gVmX0jgQ:Dml0+/dBZOjvPxwM9sgN1VXnAH0jgQ

Score

10^/10

Malware Config

Extracted

Family

warzonerat

C2

nightmare4666.ddns.net:3443

Targets

- Target
  
  969af9f6016a316693a0d710460a4b6576185a2907c999985f2642ef26889584.exe
- Size
  
  718KB
- MD5
  
  eae3bd76ec42b738462cb746206550bc
- SHA1
  
  8f071fc96b3f464cd1fa1c63624c4e62270e22dc
- SHA256
  
  969af9f6016a316693a0d710460a4b6576185a2907c999985f2642ef26889584
- SHA512
  
  990a88710a4484bcc6b0c121a2089de282298d6f7bee46d2676a19658bc9ce1d5fd2fee3112aa7db2553ed39ddc80d1a28800665a2270462ea2316666d28c65f
- SSDEEP
  
  12288:v5l9W77bOltPah+3EwFE4303gWWAAT6JlK0Xh:vHcOAIy2T6FXh
Score

10^/10

modiloader trojan warzonerat infostealer persistence rat
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- ModiLoader Second Stage
- Warzone RAT payload
  rat
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

ModiLoader, DBatLoader

WarzoneRat, AveMaria

ModiLoader Second Stage

Warzone RAT payload

Executes dropped EXE

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2