modiloader | f8185c5af3e891bdb81a646bb410777393f7ba6db6f4fc0727948c4b95264334 | Triage

Submit
Reports

Overview

overview

Static

static

SecuriteIn...67.exe

windows7_x64

SecuriteIn...67.exe

windows10_x64

Sharing

General

Target

SecuriteInfo.com.Trojan.DownLoader33.63103.7154.21167
Size

1.2MB
Sample

200712-n9n9neqpfx
MD5

6c828880cf1a66e50d5f9f199421c069
SHA1

d6bad18b6025d9bea349f178bcbf416010c3b4bd
SHA256

f8185c5af3e891bdb81a646bb410777393f7ba6db6f4fc0727948c4b95264334
SHA512

1dc753ec63419e7fa8773fdc1b4da3d026217fbde17ef4eb86ee5e965c312bcc75d1cf1f44a9512c147fa3893b6a2b001d44dbf42fd4f3d972b27bbe31be462a

Score

10^/10

modiloader remcos persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.Trojan.DownLoader33.63103.7154.21167.exe

Resource

win7

modiloader remcos persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.Trojan.DownLoader33.63103.7154.21167.exe

Resource

win10v200430

modiloader remcos persistence rat trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  SecuriteInfo.com.Trojan.DownLoader33.63103.7154.21167
- Size
  
  1.2MB
- MD5
  
  6c828880cf1a66e50d5f9f199421c069
- SHA1
  
  d6bad18b6025d9bea349f178bcbf416010c3b4bd
- SHA256
  
  f8185c5af3e891bdb81a646bb410777393f7ba6db6f4fc0727948c4b95264334
- SHA512
  
  1dc753ec63419e7fa8773fdc1b4da3d026217fbde17ef4eb86ee5e965c312bcc75d1cf1f44a9512c147fa3893b6a2b001d44dbf42fd4f3d972b27bbe31be462a
Score

10^/10

modiloader remcos persistence rat trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- ServiceHost packer
  Detects ServiceHost packer used for .NET malware
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

modiloaderremcospersistencerattrojan

behavioral2

modiloaderremcospersistencerattrojan

© 2018-2024

Terms | Privacy