modiloader | 71ea5702c0158681c9d70babbfb6780bea8d9b13b8aaa4a237b1816aa3ce0166 | Triage

Submit
Reports

Overview

overview

Static

static

1

5d037cf787...3f.exe

windows7-x64

5d037cf787...3f.exe

windows10-2004-x64

Sharing

General

Target

9409240601.zip
Size

373KB
Sample

230306-pxz7jsbf9z
MD5

8668066c2b6c8d327dd80ebc2a6c3c86
SHA1

99ff9cad96aef92fdfbe0dfcc8bb0dbccd0a1d9b
SHA256

71ea5702c0158681c9d70babbfb6780bea8d9b13b8aaa4a237b1816aa3ce0166
SHA512

94022c96a095e51123d5e83a6ca9f06904dccb7060e0c2694648bf60d2c86e1da50f6befca70d5d112db0ad11c7f097564ff6872bfbc951d1c7cd3fbbdd7b66a
SSDEEP

6144:PiyM1SeRiAcZgpOaMPi/159BU5eaM5aL95VrkOauyVRqDgWCMsev+2wiDf:PJhGitgd9BU5edWTpxaumqD7N

Score

10^/10

modiloader remcos grade persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

5d037cf78709c27e55a834a365ac2ad02b853e2f35167a9ac3d029dfa435fc3f.exe

Resource

win7-20230220-en

modiloader persistence trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

5d037cf78709c27e55a834a365ac2ad02b853e2f35167a9ac3d029dfa435fc3f.exe

Resource

win10v2004-20230220-en

modiloader remcos grade persistence rat trojan

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

remcos

Botnet

GRADE

C2

79.110.63.178:8974

plunder.nsupdate.info:8974

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
hghade-542B08
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
Remcos
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  5d037cf78709c27e55a834a365ac2ad02b853e2f35167a9ac3d029dfa435fc3f
- Size
  
  768KB
- MD5
  
  3c291cb2366108857b8d4dccc07f445f
- SHA1
  
  0fd762cbbb252ea0b3b4d0a0b8baa45ca4b6c7c6
- SHA256
  
  5d037cf78709c27e55a834a365ac2ad02b853e2f35167a9ac3d029dfa435fc3f
- SHA512
  
  03dd321a1ce2f4a0d79eb88da753b87fe580f1ee57a4b87ff76819b065a1b717d5e1c57a198c77828d41b746d1f16a7e5eb8ae98e464ea9f7083624b911ef7b8
- SSDEEP
  
  12288:6NwFOVLJOth8orXYkGFGstVaTq/ZqPLX3UHA25TakgFye5TxF/TkqR:yTTOthtzGFhsT0ZqPLX3UHA2IxF7R
Score

10^/10

modiloader persistence trojan remcos grade rat
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

modiloaderpersistencetrojan

behavioral2

modiloaderremcosgradepersistencerattrojan

© 2018-2024

Terms | Privacy