modiloader | c6ca42049e6bbe97f58dc7b6da5688aa304ce8a0a1cc25853ba7f74ccc70abf6 | Triage

Submit
Reports

Overview

overview

Static

static

REF New or...00.exe

windows7_x64

1

REF New or...00.exe

windows10-2004_x64

Sharing

General

Target

a006756cd376ff10fd4578d70da88792
Size

416KB
Sample

220707-f8c2qafhf7
MD5

a006756cd376ff10fd4578d70da88792
SHA1

c30f5e18bd45aac2575aaeb77b2e86d4e76a3c51
SHA256

c6ca42049e6bbe97f58dc7b6da5688aa304ce8a0a1cc25853ba7f74ccc70abf6
SHA512

2c34dede2ff613823af872e6f209af49868151216d3875cc9d46fd650a67ca206147185e71fd7f9392a823db263dcee37a399f93c1aef4163e8f6d76f4217c1a

Score

10^/10

modiloader remcos uka persistence rat suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

REF New order & Mackson Quote/REF New order & Mackson Quote000000000000000000000000.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

REF New order & Mackson Quote/REF New order & Mackson Quote000000000000000000000000.exe

Resource

win10v2004-20220414-en

modiloader remcos uka persistence rat suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

remcos

Botnet

uka

C2

micenaxus.com:2404

Attributes

audio_folder
MicRecords
audio_path
%AppData%
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
true
install_flag
false
install_path
%AppData%
keylog_crypt
true
keylog_file
logs.dat
keylog_flag
false
keylog_folder
uka
keylog_path
%AppData%
mouse_option
false
mutex
uka-RQ2V95
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
Remcos
take_screenshot_option
false
take_screenshot_time
5
take_screenshot_title

Targets

- Target
  
  REF New order & Mackson Quote/REF New order & Mackson Quote000000000000000000000000.exe
- Size
  
  770KB
- MD5
  
  44d34fafe191feaebf9a8602aae1f11d
- SHA1
  
  a9d7a46214486089eb15fe74b3a628945c0b089f
- SHA256
  
  db8a8a4bf1e1e63ef1bd27f8131dfeb14bca74e9d68605cf71e9eac5126baa48
- SHA512
  
  b6ff1779ed373e09457fb8fb7330f72bbae32cc4744e8fd121fd5c5778341dc625607308fcf93dee025f1a31a9b878ee857146b51e4d0e7601f97d6f51e706dd
Score

10^/10

modiloader remcos uka persistence rat suricata trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- suricata: ET MALWARE Remocs 3.x Unencrypted Checkin
  suricata: ET MALWARE Remocs 3.x Unencrypted Checkin
  suricata
- suricata: ET MALWARE Remocs 3.x Unencrypted Server Response
  suricata: ET MALWARE Remocs 3.x Unencrypted Server Response
  suricata
- ModiLoader Second Stage
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

modiloaderremcosukapersistenceratsuricatatrojan

© 2018-2024

Terms | Privacy