modiloader | ee6d59e7ff1910806b465f8ae5fd6b2dd918cbe56fb1e3144d1484ba7b266eec | Triage

Sharing

General

Target

12.exe
Size

619KB
Sample

210421-twevtx658s
MD5

98f413548ec275b2b0ead9caf86119eb
SHA1

cd39fdbed9c2011ef1d33dec7f50704664c33e63
SHA256

ee6d59e7ff1910806b465f8ae5fd6b2dd918cbe56fb1e3144d1484ba7b266eec
SHA512

266370e9871a3e8c9c26835de8dec3be658d4bbb8709b3e26bfd986c60d312a065b587935e737e866907946f07cd25a6b7b2e416aabf8693bccc6fb694d6c6ef

Score

10^/10

modiloader remcos persistence rat trojan

Malware Config

Extracted

Family

remcos

C2

abujafirms1.duckdns.org:12000

194.5.98.203:1988

Targets

- Target
  
  12.exe
- Size
  
  619KB
- MD5
  
  98f413548ec275b2b0ead9caf86119eb
- SHA1
  
  cd39fdbed9c2011ef1d33dec7f50704664c33e63
- SHA256
  
  ee6d59e7ff1910806b465f8ae5fd6b2dd918cbe56fb1e3144d1484ba7b266eec
- SHA512
  
  266370e9871a3e8c9c26835de8dec3be658d4bbb8709b3e26bfd986c60d312a065b587935e737e866907946f07cd25a6b7b2e416aabf8693bccc6fb694d6c6ef
Score

10^/10

modiloader remcos persistence rat trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

modiloaderremcospersistencerattrojan

behavioral2

remcospersistencerat