modiloader | c351dac370d0364b1ef303338408a568d877eef020539818f09214adb338bf5c | Triage

Sharing

General

Target

Dringende Bestellung Zitat SDX88467638,pdf.iso
Size

900KB
Sample

210413-7f76pqvkxe
MD5

042596a85ae67d962ce6ca8036e076f9
SHA1

ae126206ce1e515c9a5cc70bbd79ab7924ee416e
SHA256

c351dac370d0364b1ef303338408a568d877eef020539818f09214adb338bf5c
SHA512

5d1b64533994fac8f77638e1f1e3256a9e1cefd7736d4183e284a3c01a4fea0a82c2e11e264b9a21740d84524a83df8227aaa876ff67fb9aaaa9d937c373f737

Score

10^/10

modiloader remcos persistence rat trojan

Malware Config

Extracted

Family

remcos

C2

ongod4life.ddns.net:4344

Targets

- Target
  
  Devis de commande urgent SDX88467638,pdf.exe
- Size
  
  838KB
- MD5
  
  3cbd690be25928be30b522ad04785ef5
- SHA1
  
  e2f8ab8ceaaa0bf2a65fd8291f1355a58ad66561
- SHA256
  
  2644d67e0fbbce929f70bdc4c07912617a2a65e611faeb72acd51a091e529a5e
- SHA512
  
  388334e5ddc09edaefffa1050c6c2e6a5bbc88c24d1973b0fbfbb69a8fcace4d985e8166bbebc5d767749fde55b8fd2251f9bd9f6499f8f984c14f1d59c9a9e7
Score

10^/10

modiloader remcos persistence rat trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

modiloaderremcospersistencerattrojan

behavioral2

remcospersistencerat