modiloader | 60119cfc3cd6b63295c163fad7ab43949d62d5ed6bb024cd3054a2c64e8339c7 | Triage

Submit
Reports

Overview

overview

Static

static

USD35900.exe

windows7_x64

USD35900.exe

windows10_x64

Sharing

General

Target

USD35900.exe
Size

836KB
Sample

210118-hwswn6m5pe
MD5

1982963b64d323f39033d40641437595
SHA1

8dde953e501af236d8be98dbf6d683fda458ba38
SHA256

60119cfc3cd6b63295c163fad7ab43949d62d5ed6bb024cd3054a2c64e8339c7
SHA512

75481182ea78ca9e6ee9022db2e2cfb869419a779e37e149d8c70da3e3f8132dcffcb53a368311bd7dfbe13dab1ee2eae7846aefd361848a375f91d4f61e31b1

Score

10^/10

modiloader remcos persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

USD35900.exe

Resource

win7v20201028

remcos persistence rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

USD35900.exe

Resource

win10v20201028

remcos persistence rat

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

remcos

C2

79.134.225.19:2556

Targets

- Target
  
  USD35900.exe
- Size
  
  836KB
- MD5
  
  1982963b64d323f39033d40641437595
- SHA1
  
  8dde953e501af236d8be98dbf6d683fda458ba38
- SHA256
  
  60119cfc3cd6b63295c163fad7ab43949d62d5ed6bb024cd3054a2c64e8339c7
- SHA512
  
  75481182ea78ca9e6ee9022db2e2cfb869419a779e37e149d8c70da3e3f8132dcffcb53a368311bd7dfbe13dab1ee2eae7846aefd361848a375f91d4f61e31b1
Score

10^/10

remcos persistence rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

remcospersistencerat

behavioral2

remcospersistencerat

© 2018-2024

Terms | Privacy