modiloader | caa081d54d2ddc47a58e4c1ba5a786de522b858722573e00fe35cea2db090032 | Triage

Sharing

General

Target

4b.zip
Size

363KB
Sample

210504-z4je2skap6
MD5

861ab485762b70ea58d1c368df3026e9
SHA1

87b0ddfaac106736af32d6e85c5a74883216f211
SHA256

caa081d54d2ddc47a58e4c1ba5a786de522b858722573e00fe35cea2db090032
SHA512

398233ab3861a3e92f0860dbe98390dfb94499130531bbeef5b4748d624552ca88562a9075ab26d02cf0accaf212041101e959a0dbdff08b80929af7d0a44f76

Score

10^/10

modiloader remcos persistence rat trojan

Malware Config

Extracted

Family

remcos

C2

style.ptbagasps.co.id:42024

Targets

- Target
  
  44e5fe5565bbbc560978e09da29a61a8c279e416f41e0d10455d4f497d041192.bin
- Size
  
  804KB
- MD5
  
  9133b63a86469eca3f5505abfb5af728
- SHA1
  
  83c1c421e725c4d4b4cb828fb7046a5fd1bb7672
- SHA256
  
  44e5fe5565bbbc560978e09da29a61a8c279e416f41e0d10455d4f497d041192
- SHA512
  
  e5ebceef4dbcd135c4af4bc5f9e589ad1df59a47623e7871e4cc223c81d4d41adce76a2c1948b4388c5904e7edf467135400a36f3c1a1493d921c78b87e2e113
Score

10^/10

remcos persistence rat modiloader trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

remcospersistencerat

behavioral2

modiloaderremcospersistencerattrojan