Overview

overview

10

Static

static

Loading-Document.exe

windows7_x64

10

Loading-Document.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Loading-Document.exe

  • Size

    1.1MB

  • Sample

    200713-8e8tjpc6ja

  • MD5

    d3a33281c280e948524c6f1d98e50b27

  • SHA1

    38a9f16d5586f5ac76489723aa4744c483544e85

  • SHA256

    8be40e5f245aaa3a3d114ff16a7598877806115cf8dcf819fc231c2ac571ed76

  • SHA512

    2850a92f9129eb2a68b37c835428b4f80a81a3c54cd699665757d56e61764052ecaec5da1a9944466819fc384d5a97cebbdd958fd37303936e7b0df9bce88c46

Score
10/10
modiloaderremcospersistencerattrojan

Malware Config

Targets

    • Target

      Loading-Document.exe

    • Size

      1.1MB

    • MD5

      d3a33281c280e948524c6f1d98e50b27

    • SHA1

      38a9f16d5586f5ac76489723aa4744c483544e85

    • SHA256

      8be40e5f245aaa3a3d114ff16a7598877806115cf8dcf819fc231c2ac571ed76

    • SHA512

      2850a92f9129eb2a68b37c835428b4f80a81a3c54cd699665757d56e61764052ecaec5da1a9944466819fc384d5a97cebbdd958fd37303936e7b0df9bce88c46

    Score
    10/10
    modiloaderremcospersistencerattrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • ServiceHost packer

      Detects ServiceHost packer used for .NET malware

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks