modiloader | b1837f6e117f60e76da4f32b8b86cab5476d07e213421598a4f38c0cbab8f0d3 | Triage

Submit
Reports

Overview

overview

Static

static

SecuriteIn...30.exe

windows7-x64

SecuriteIn...30.exe

windows10-2004-x64

Sharing

General

Target

SecuriteInfo.com.Variant.Zusy.434746.19230.5503
Size

797KB
Sample

220801-d5w93sgee4
MD5

8e16fd7852d00fd89e5ad4c2b3ac7432
SHA1

d492d1d739c437cfee2a4b5c401eef8003a7352a
SHA256

b1837f6e117f60e76da4f32b8b86cab5476d07e213421598a4f38c0cbab8f0d3
SHA512

03d6a9696558428c9fb42bc22c968c852310a986185ba5072fc364a13c33d1ab47b62ad05c101b423e7956403b5ff116b5739c23e6b00b51dcbe110f0c671e35

Score

10^/10

modiloader remcos persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.Variant.Zusy.434746.19230.exe

Resource

win7-20220718-en

modiloader remcos persistence rat trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.Variant.Zusy.434746.19230.exe

Resource

win10v2004-20220722-en

modiloader persistence trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  SecuriteInfo.com.Variant.Zusy.434746.19230.5503
- Size
  
  797KB
- MD5
  
  8e16fd7852d00fd89e5ad4c2b3ac7432
- SHA1
  
  d492d1d739c437cfee2a4b5c401eef8003a7352a
- SHA256
  
  b1837f6e117f60e76da4f32b8b86cab5476d07e213421598a4f38c0cbab8f0d3
- SHA512
  
  03d6a9696558428c9fb42bc22c968c852310a986185ba5072fc364a13c33d1ab47b62ad05c101b423e7956403b5ff116b5739c23e6b00b51dcbe110f0c671e35
Score

10^/10

modiloader remcos persistence rat trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

modiloaderremcospersistencerattrojan

behavioral2

modiloaderpersistencetrojan

© 2018-2024

Terms | Privacy