modiloader | 89994f1a3641d3d36049928ad6d76a86ebe456ab7f894549ca0301462670bfcd | Triage

Submit
Reports

Overview

overview

Static

static

1

Constructi...ts.one

windows7-x64

Constructi...ts.one

windows10-2004-x64

3

Resubmissions

15-02-2023 17:27

230215-v1k5pacg7v 7

14-02-2023 10:55

230214-mz8wcscb5s 10

Sharing

General

Target

ConstructionDocuments.one
Size

923KB
Sample

230214-mz8wcscb5s
MD5

04ecfc3fa0c53151d976f2d6fbd65c31
SHA1

3fedd5e8cf0d285e74bb66370f4913bdfe9ff2a1
SHA256

89994f1a3641d3d36049928ad6d76a86ebe456ab7f894549ca0301462670bfcd
SHA512

6e7a42a8cd7f814d8b25d0b0d4d075ca71fd0c0779f5d1de865cf53d58dbd50aa7b8ee5d2b9d8ce94c42e1e050e2da7f6fe6c7e44ed1dd58f659f8704ddc5291
SSDEEP

12288:Ob8A+lyMML0gN55kXFyqf0bGBvGoE3IhAf1nAhglRF:O4ZzML0gN5WXFaK9GoEHf1nAhglRF

Score

10^/10

modiloader remcos persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

ConstructionDocuments.one

Resource

win7-20221111-en

modiloader remcos persistence rat trojan

windows7-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

ConstructionDocuments.one

Resource

win10v2004-20221111-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  ConstructionDocuments.one
- Size
  
  923KB
- MD5
  
  04ecfc3fa0c53151d976f2d6fbd65c31
- SHA1
  
  3fedd5e8cf0d285e74bb66370f4913bdfe9ff2a1
- SHA256
  
  89994f1a3641d3d36049928ad6d76a86ebe456ab7f894549ca0301462670bfcd
- SHA512
  
  6e7a42a8cd7f814d8b25d0b0d4d075ca71fd0c0779f5d1de865cf53d58dbd50aa7b8ee5d2b9d8ce94c42e1e050e2da7f6fe6c7e44ed1dd58f659f8704ddc5291
- SSDEEP
  
  12288:Ob8A+lyMML0gN55kXFyqf0bGBvGoE3IhAf1nAhglRF:O4ZzML0gN5WXFaK9GoEHf1nAhglRF
Score

10^/10

modiloader remcos persistence rat trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- ModiLoader Second Stage
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderremcospersistencerattrojan

behavioral2

© 2018-2024

Terms | Privacy