Extracted

• • Target

    Swift.exe

  • Size

    865KB

  • MD5

    bee78a8ce6898cd4f58ec73f4eebc141

  • SHA1

    edf970f4a4f8b021ba9383a3adac386c36342964

  • SHA256

    0a5bd6fed58b0293f910bc5d57f6a479a42bedecf040d486d3600bf3929615bc

  • SHA512

    0b1a08a2d9e30c5c14644fb40cf6dec128b76343565310d6a7d6fb2614030baf0c8e561fcb3b6bfcb6409869149334ed00b814fee6c58da7215eba942b01e8f8

  • SSDEEP

    12288:e9Id6OrPwqTQAwBTTvY0Z3l9+P/bnqvPPOmWnADUcHTNEVv5dHj:e9XyTFwtTpZ1E32POMLm9v

  Score

  10^/10

  modiloadertrojanwarzoneratcollectioninfostealerpersistenceratspywarestealer

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • ModiLoader Second Stage

  • Warzone RAT payload

    rat

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2