modiloader | 08fe7e61eafc062a5f50981fae0f578442cdfd31a00e2398389c8bea37485f02 | Triage

Sharing

General

Target

24c2540e588585a4daf8b3fe1112a78d.exe
Size

1.0MB
Sample

200731-brd81v3v32
MD5

24c2540e588585a4daf8b3fe1112a78d
SHA1

d48b28ebb1a010eae20a10aa4d1d6c5a79ea6f96
SHA256

08fe7e61eafc062a5f50981fae0f578442cdfd31a00e2398389c8bea37485f02
SHA512

d1add494d6d6e658126d7fbd35c9b1adfa54e0417125ff55d1ab9290fb0670ad97fa723e5764b6cc06082968f7b1267ebfccd53e9cbee112b0c9cface2021923

Score

10^/10

modiloader remcos persistence rat trojan

Malware Config

Targets

- Target
  
  24c2540e588585a4daf8b3fe1112a78d.exe
- Size
  
  1.0MB
- MD5
  
  24c2540e588585a4daf8b3fe1112a78d
- SHA1
  
  d48b28ebb1a010eae20a10aa4d1d6c5a79ea6f96
- SHA256
  
  08fe7e61eafc062a5f50981fae0f578442cdfd31a00e2398389c8bea37485f02
- SHA512
  
  d1add494d6d6e658126d7fbd35c9b1adfa54e0417125ff55d1ab9290fb0670ad97fa723e5764b6cc06082968f7b1267ebfccd53e9cbee112b0c9cface2021923
Score

10^/10

modiloader remcos persistence rat trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

modiloaderremcospersistencerattrojan

behavioral2