c4cd874423d9026b16b370d5fa812471.exe

Target

Size

637KB

Sample

210408-qrg4cyz2h6

Score

10 ^/10

MD5

c4cd874423d9026b16b370d5fa812471

SHA1

b1c514708b9611056cce378a8c7d8f2b12e4e8df

SHA256

0a049a6f200348e229ebaa13728cd0d19de4839c741d4faec3dd64207860153d

SHA512

ba5a92674f30bbcb2c4f4552bebb6f226da9ceb5a67d8692d3615353c85a241d9c501732e83b0825f59c6bf272df5cdb66f67136d89fe7f9898b20c018d3f501

Extracted

Family	remcos
C2	alukoren.duckdns.org:9144 alukoren.duckdns.org:9144

Target

c4cd874423d9026b16b370d5fa812471.exe

MD5

c4cd874423d9026b16b370d5fa812471

Filesize

637KB

Score

10 ^/10

SHA1

b1c514708b9611056cce378a8c7d8f2b12e4e8df

SHA256

0a049a6f200348e229ebaa13728cd0d19de4839c741d4faec3dd64207860153d

SHA512

ba5a92674f30bbcb2c4f4552bebb6f226da9ceb5a67d8692d3615353c85a241d9c501732e83b0825f59c6bf272df5cdb66f67136d89fe7f9898b20c018d3f501

Signatures

ModiLoader, DBatLoader

Description

ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

Tags

trojan modiloader
Remcos

Description

Remcos is a closed-source remote control and surveillance software.

Tags

rat remcos
Adds Run key to start application

Tags

persistence

TTPs

Registry Run Keys / Startup Folder Modify Registry

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

static1

behavioral1

modiloader remcos persistence rat trojan

10^/10

behavioral2

modiloader remcos persistence rat trojan

10^/10

Extracted

Tags

Signatures

ModiLoader, DBatLoader

Description

Tags

Remcos

Description

Tags

Adds Run key to start application

Tags

TTPs

Related Tasks

static1

behavioral1

behavioral2