modiloader | 0f3cac160b09665561487322c11c5ee1ad0eb221b32edfecf1fe01d5b5f278f7 | Triage

Sharing

General

Target

Dringende Bestellung Zitat CTX88467638,pdf.exe
Size

769KB
Sample

210412-47x6rm3tnj
MD5

66525016cb1f9420e5e5c178082346cf
SHA1

afe3c32389f0009959d9de94feb11e2bf1f1abd7
SHA256

0f3cac160b09665561487322c11c5ee1ad0eb221b32edfecf1fe01d5b5f278f7
SHA512

26eefff0cdc04747ccfb432c0154ec271b2b9ad6ead105fe0f9cd07ba08df05f13d15771eafaeec9912acf02b289ecde134d56c5c398198c9c256b6580058d7c

Score

10^/10

modiloader remcos persistence rat trojan

Malware Config

Extracted

Family

remcos

C2

ongod4life.ddns.net:4344

Targets

- Target
  
  Dringende Bestellung Zitat CTX88467638,pdf.exe
- Size
  
  769KB
- MD5
  
  66525016cb1f9420e5e5c178082346cf
- SHA1
  
  afe3c32389f0009959d9de94feb11e2bf1f1abd7
- SHA256
  
  0f3cac160b09665561487322c11c5ee1ad0eb221b32edfecf1fe01d5b5f278f7
- SHA512
  
  26eefff0cdc04747ccfb432c0154ec271b2b9ad6ead105fe0f9cd07ba08df05f13d15771eafaeec9912acf02b289ecde134d56c5c398198c9c256b6580058d7c
Score

10^/10

persistence modiloader remcos rat trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

modiloaderremcospersistencerattrojan