Overview

overview

10

Static

static

order conf...ar.exe

windows7_x64

10

order conf...ar.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    order confirmation PO#1912679,rar.exe

  • Size

    1.3MB

  • Sample

    200713-12343fv56s

  • MD5

    0fffcf232ba8b08e1036a01c66d22f54

  • SHA1

    7222e9903ec892627197233498a6e0cede759630

  • SHA256

    76fff401edfeb7279561b52d1e6486145600c6834d7ce8e7c46a571f1161eabe

  • SHA512

    067a969a0084f1077652988d9a17bfa256127588a1af25b641afd737fb34bfae78816e86a6986bb9a84ab79e15d9eb112f0c351d630ab36f9ea28b0396bd19a0

Score
10/10
modiloaderremcospersistencerattrojan

Malware Config

Targets

    • Target

      order confirmation PO#1912679,rar.exe

    • Size

      1.3MB

    • MD5

      0fffcf232ba8b08e1036a01c66d22f54

    • SHA1

      7222e9903ec892627197233498a6e0cede759630

    • SHA256

      76fff401edfeb7279561b52d1e6486145600c6834d7ce8e7c46a571f1161eabe

    • SHA512

      067a969a0084f1077652988d9a17bfa256127588a1af25b641afd737fb34bfae78816e86a6986bb9a84ab79e15d9eb112f0c351d630ab36f9ea28b0396bd19a0

    Score
    10/10
    modiloaderremcospersistencerattrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • ServiceHost packer

      Detects ServiceHost packer used for .NET malware

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks