Overview

overview

10

Static

static

10

1648-51-0x...ry.exe

windows7-x64

1

1648-51-0x...ry.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1648-51-0x0000000000400000-0x0000000001400000-memory.dmp

  • Size

    16.0MB

  • MD5

    d8a82b4dbcdb40ad707d69b90072ae83

  • SHA1

    44b767ec7bccb22770ba9d3d94cc48f65231965f

  • SHA256

    0345dc77a66de9b18564a3fa764d03307a4a8fd2dfae3d2794ef0352d12be0ca

  • SHA512

    cc4a9b81721d4de963bbda55e14be6b265aa87f8f348cb18a340d96047db3c8430dae07e1ea9b33b90fdf09e8ad3d98fd8c437032c665ac9fb997319780062fe

  • SSDEEP

    24576:KwRSESae3NT6qibVJoDjDPeMLwqNM31o3Abm:nc86NTIJovLe

Score
10/10
ratmodiloaderwarzonerat

Malware Config

Extracted

Family

warzonerat

C2

zakriexports.com:2017

Signatures

  • ModiLoader Second Stage 1 IoCs
  • Modiloader family
    modiloader
  • Warzone RAT payload 1 IoCs
    rat
  • Warzonerat family
    warzonerat
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1648-51-0x0000000000400000-0x0000000001400000-memory.dmp
    .exe windows:6 windows x86 arch:x86


    Headers

    Sections