modiloader | c7bd80117055942f0f622a346479856e7272fb071dd1d709387dd4c8fd4f2ea5 | Triage

Submit
Reports

Overview

overview

Static

static

ORDER#9494.exe

windows7_x64

ORDER#9494.exe

windows10_x64

Sharing

General

Target

ORDER#9494.exe
Size

724KB
Sample

210119-yr4r9scpce
MD5

64cceafcc81b85f1bedd61dd285ca75a
SHA1

4ab324d8dc4faae991dee59f64f372ad13bc8cfa
SHA256

c7bd80117055942f0f622a346479856e7272fb071dd1d709387dd4c8fd4f2ea5
SHA512

340bc6ac5c61624bb7a00a1ec560d58a3c696a99b45b082588d99673dd02b21a6cb0a73c9e5c40c785aba7c44ff627e0ed7f0f52cfebd886dfacf02305cc78d8

Score

10^/10

modiloader remcos persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

ORDER#9494.exe

Resource

win7v20201028

remcos persistence rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ORDER#9494.exe

Resource

win10v20201028

remcos persistence rat

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  ORDER#9494.exe
- Size
  
  724KB
- MD5
  
  64cceafcc81b85f1bedd61dd285ca75a
- SHA1
  
  4ab324d8dc4faae991dee59f64f372ad13bc8cfa
- SHA256
  
  c7bd80117055942f0f622a346479856e7272fb071dd1d709387dd4c8fd4f2ea5
- SHA512
  
  340bc6ac5c61624bb7a00a1ec560d58a3c696a99b45b082588d99673dd02b21a6cb0a73c9e5c40c785aba7c44ff627e0ed7f0f52cfebd886dfacf02305cc78d8
Score

10^/10

remcos persistence rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

remcospersistencerat

behavioral2

remcospersistencerat

© 2018-2024

Terms | Privacy