modiloader | 0a049a6f200348e229ebaa13728cd0d19de4839c741d4faec3dd64207860153d | Triage

Sharing

General

Target

c4cd874423d9026b16b370d5fa812471.exe
Size

637KB
Sample

210408-qrg4cyz2h6
MD5

c4cd874423d9026b16b370d5fa812471
SHA1

b1c514708b9611056cce378a8c7d8f2b12e4e8df
SHA256

0a049a6f200348e229ebaa13728cd0d19de4839c741d4faec3dd64207860153d
SHA512

ba5a92674f30bbcb2c4f4552bebb6f226da9ceb5a67d8692d3615353c85a241d9c501732e83b0825f59c6bf272df5cdb66f67136d89fe7f9898b20c018d3f501

Score

10^/10

modiloader remcos persistence rat trojan

Malware Config

Extracted

Family

remcos

C2

alukoren.duckdns.org:9144

Targets

- Target
  
  c4cd874423d9026b16b370d5fa812471.exe
- Size
  
  637KB
- MD5
  
  c4cd874423d9026b16b370d5fa812471
- SHA1
  
  b1c514708b9611056cce378a8c7d8f2b12e4e8df
- SHA256
  
  0a049a6f200348e229ebaa13728cd0d19de4839c741d4faec3dd64207860153d
- SHA512
  
  ba5a92674f30bbcb2c4f4552bebb6f226da9ceb5a67d8692d3615353c85a241d9c501732e83b0825f59c6bf272df5cdb66f67136d89fe7f9898b20c018d3f501
Score

10^/10

modiloader remcos persistence rat trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

modiloaderremcospersistencerattrojan

behavioral2

modiloaderremcospersistencerattrojan