General

  • Target: de211b9bc6b587b466a9fa4f73aed579.exe

  • Size: 1.1MB

  • Sample: 200713-rt1dfdhws6

  • MD5: de211b9bc6b587b466a9fa4f73aed579

  • SHA1: a9eedbe3813be8608656b532eee9c61ef58b4283

  • SHA256: 2f0ce341108a0d177092a8e18ca880b966f96a397f23c5135cfd9c6588b0c8c1

  • SHA512: 570aab11cad657fa6b5ad748b341b2bf2d2b9b1d9c6f45f956d4f66ea092252022f6b9cefad3fd790ab57f48451ac3389f0a1c1954d679f7a9cc491f2ed02d7e

Malware Config

Targets

    • Target: de211b9bc6b587b466a9fa4f73aed579.exe

    • Size: 1.1MB

    • MD5: de211b9bc6b587b466a9fa4f73aed579

    • SHA1: a9eedbe3813be8608656b532eee9c61ef58b4283

    • SHA256: 2f0ce341108a0d177092a8e18ca880b966f96a397f23c5135cfd9c6588b0c8c1

    • SHA512: 570aab11cad657fa6b5ad748b341b2bf2d2b9b1d9c6f45f956d4f66ea092252022f6b9cefad3fd790ab57f48451ac3389f0a1c1954d679f7a9cc491f2ed02d7e

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

    • ServiceHost packer

      Detects the ServiceHost packer used for .NET malware.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks