Overview

overview

10

Static

static

9b509f1166...f3.exe

windows7_x64

10

9b509f1166...f3.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9b509f1166db541d542bf77b272fe5f3.exe

  • Size

    72KB

  • Sample

    201225-hhffjcj8cs

  • MD5

    9b509f1166db541d542bf77b272fe5f3

  • SHA1

    9755c4f7d746f444827702376c07a999598f582c

  • SHA256

    e947261444b110a5604981645a6d057a9603a1a6919a45a3f5c61a2d713aff5d

  • SHA512

    67af5e2e60547e925da5c2d636d2fb5694e542f6be8d827333247e5e86fead2f7667b658cefd224d7116b5607cc69a536bc67de046d8bf70cdc495c538ac2c25

Score
10/10
modiloaderremcospersistencerattrojan

Malware Config

Targets

    • Target

      9b509f1166db541d542bf77b272fe5f3.exe

    • Size

      72KB

    • MD5

      9b509f1166db541d542bf77b272fe5f3

    • SHA1

      9755c4f7d746f444827702376c07a999598f582c

    • SHA256

      e947261444b110a5604981645a6d057a9603a1a6919a45a3f5c61a2d713aff5d

    • SHA512

      67af5e2e60547e925da5c2d636d2fb5694e542f6be8d827333247e5e86fead2f7667b658cefd224d7116b5607cc69a536bc67de046d8bf70cdc495c538ac2c25

    Score
    10/10
    modiloaderremcospersistencerattrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks