Overview

overview

10

Static

static

Loading-Document.exe

windows7_x64

10

Loading-Document.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Loading-Document.exe

  • Size

    1.1MB

  • Sample

    200713-f8g8wz33g2

  • MD5

    95b2c06fe00c2d75fa7b16c7c17074f7

  • SHA1

    9657218cd47d2a6b872e35975f9d1ea352cf972c

  • SHA256

    3d29d5ec9db9f11b9e20b2c0a27a74846fa9a6c74c8183826b08d48e1b231204

  • SHA512

    eb8b2e06f90905f2b540ba45b02c06ac04bf0601495435f766f56a11c0a06cab8eaa999dda13f8bf7c991fc46dad0f65fad1c024702c25c4f3d292ee64decf4b

Score
10/10
modiloaderremcospersistencerattrojan

Malware Config

Targets

    • Target

      Loading-Document.exe

    • Size

      1.1MB

    • MD5

      95b2c06fe00c2d75fa7b16c7c17074f7

    • SHA1

      9657218cd47d2a6b872e35975f9d1ea352cf972c

    • SHA256

      3d29d5ec9db9f11b9e20b2c0a27a74846fa9a6c74c8183826b08d48e1b231204

    • SHA512

      eb8b2e06f90905f2b540ba45b02c06ac04bf0601495435f766f56a11c0a06cab8eaa999dda13f8bf7c991fc46dad0f65fad1c024702c25c4f3d292ee64decf4b

    Score
    10/10
    modiloaderremcospersistencerattrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • ServiceHost packer

      Detects ServiceHost packer used for .NET malware

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks