modiloader | e943c7d841ec46e786a7d2eafbc5e89329c132a4865ed1edc502be68012e94fc

General

Target

7803356153.zip
Size

436KB
Sample

220803-ya2arsffbp
MD5

b95040e3a2574bdfb207fc7322b82d36
SHA1

a96cff4a22efd9c875b39cedb9e5f706ae34eb85
SHA256

e943c7d841ec46e786a7d2eafbc5e89329c132a4865ed1edc502be68012e94fc
SHA512

ec8db9c23f6beead9da504146daf8a2aedfdfb30a0c00e9bf450393f29199d775a0947f28278a3597cccb8a3473cd119179ce9fbdfca12842f67f7b13632f246

Score

10^/10

Malware Config

Extracted

Family

remcos

Botnet

RemoteHost

C2

dash.3utilities.com:2404

dash1.3utilities.com:2404

dash2.ddns.net:2404

bash.mywire.org:2404

bash1.accesscam.org:2404

dash3.ddns.net:2404

dash4.ddns.net:2404

bash2.accessscam.org:2404

Attributes

audio_folder
MicRecords
audio_path
%AppData%
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
install_path
%AppData%
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
keylog_path
%AppData%
mouse_option
false
mutex
dashboard-AEPCOD
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
Remcos
take_screenshot_option
false
take_screenshot_time
5
take_screenshot_title
notepad;solitaire;

Targets

- Target
  
  2eb38f178185eea7a7d83cf7f3d85c7ebc45d82663f37294a79bbaf6e4f7860d
- Size
  
  796KB
- MD5
  
  615def171d3b415388d7e204a0c008fd
- SHA1
  
  0bb178878475eb4b66a701afe99b2073473051c3
- SHA256
  
  2eb38f178185eea7a7d83cf7f3d85c7ebc45d82663f37294a79bbaf6e4f7860d
- SHA512
  
  9b3e5420d1d77c163f7d4820f04131d945cb31d1d178f8fffe11745a0bd34b521d18cefbda2be2052ca6ca679096be78423fa7a3af08ddccd3d1891dee0a6aba
Score

10^/10

modiloader remcos remotehost persistence rat trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- ModiLoader Second Stage
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

ModiLoader, DBatLoader

Remcos

ModiLoader Second Stage

Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2