modiloader | b201c180da5e6cb1d70ae9e5a67bba023192f0024c69498876a960c58ed01ffd | Triage

Sharing

General

Target

PI29081912419,pdf.exe
Size

1.5MB
Sample

200710-kslez9v61s
MD5

eb5b86aede1604b341d9196fc11c12df
SHA1

9f23656826a9f79625491476d86a4e3a6bcaf579
SHA256

b201c180da5e6cb1d70ae9e5a67bba023192f0024c69498876a960c58ed01ffd
SHA512

d0c0ea25c038d0a17aec15e79c7858b79d186cd04c65e0ff825b1fa3c6fa8e82bc5b8ba33cea40654381be98c2805dcad79bc94ed8d97b8492e5051f4c29f87e

Score

10^/10

modiloader remcos persistence rat trojan

Malware Config

Targets

- Target
  
  PI29081912419,pdf.exe
- Size
  
  1.5MB
- MD5
  
  eb5b86aede1604b341d9196fc11c12df
- SHA1
  
  9f23656826a9f79625491476d86a4e3a6bcaf579
- SHA256
  
  b201c180da5e6cb1d70ae9e5a67bba023192f0024c69498876a960c58ed01ffd
- SHA512
  
  d0c0ea25c038d0a17aec15e79c7858b79d186cd04c65e0ff825b1fa3c6fa8e82bc5b8ba33cea40654381be98c2805dcad79bc94ed8d97b8492e5051f4c29f87e
Score

10^/10

modiloader remcos persistence rat trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Web Service

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderremcospersistencerattrojan

behavioral2

modiloaderremcospersistencerattrojan