General

  • Target

    ASP-180515& FL-180515,pdf.exe

  • Size

    1.5MB

  • Sample

    200710-w433qb3zg2

  • MD5

    107c36766069163806782196e3c9e4f7

  • SHA1

    6374cff5a8edd8785d6ce8257cbb89437d901ceb

  • SHA256

    06fbbbc992085d6851383435dd9f114b5c58e936d392f7ccd3861a27f8eaa04b

  • SHA512

    21fb57bc21d80c797dd9d226559926617128080356e6e4baa9dd8147a8bf05e715cbf57901623a50102bfbe91127f1548ba9a8646c112a2f710fd41683883e2b
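
The hashes above are the IOCs a responder actually uses, and the target name is itself a tell: it ends in ",pdf.exe", a document-lookalike double extension in which a comma stands in for the dot. The following Python is an added example (not code from the sandbox or from the report) that hashes a file with all four algorithms in one streaming pass, matches the result against the IOC table copied from this page, and flags document-lookalike names. The sample file and the `b"abc"` input used for checking are constructed; the regex's list of lure extensions is an assumption.

```python
import hashlib
import io
import re
import sys

# IOC values copied from the report above for the sample "ASP-180515& FL-180515,pdf.exe".
REPORT_IOCS = {
    "md5": "107c36766069163806782196e3c9e4f7",
    "sha1": "6374cff5a8edd8785d6ce8257cbb89437d901ceb",
    "sha256": "06fbbbc992085d6851383435dd9f114b5c58e936d392f7ccd3861a27f8eaa04b",
    "sha512": "21fb57bc21d80c797dd9d226559926617128080356e6e4baa9dd8147a8bf05e715cbf57901623a50102bfbe91127f1548ba9a8646c112a2f710fd41683883e2b",
}

# Document-lookalike names: a document extension glued to the real executable
# extension, separated by a dot or, as in this sample, a comma or a space.
# The list of lure extensions is an assumption, extend it for your environment.
DOUBLE_EXT_RE = re.compile(
    r"[-., _](pdf|docx?|xlsx?|pptx?|jpe?g|png|txt)\s*\.(exe|scr|com|pif)$", re.I)

ALGOS = ("md5", "sha1", "sha256", "sha512")


def digest_stream(fh, chunk_size=1 << 20):
    """Hash a binary stream with all four algorithms in a single pass."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    for chunk in iter(lambda: fh.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data, chunk_size=1 << 20):
    return digest_stream(io.BytesIO(data), chunk_size)


def digest_file(path, chunk_size=1 << 20):
    with open(path, "rb") as fh:
        return digest_stream(fh, chunk_size)


def match_iocs(digests, iocs=REPORT_IOCS):
    """Algorithms whose digest equals the report's value (case-insensitive).
    Either all four match (it is this sample) or none do; a partial match
    means a copy error in the IOC list, not a near-miss."""
    return sorted(a for a, v in iocs.items() if digests.get(a, "").lower() == v.lower())


def looks_like_double_extension(filename):
    return bool(DOUBLE_EXT_RE.search(filename))


def triage(path):
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    digests = digest_file(path)
    return {
        "name": name,
        "sha256": digests["sha256"],
        "ioc_hits": match_iocs(digests),
        "lure_name": looks_like_double_extension(name),
    }


if __name__ == "__main__":
    for p in sys.argv[1:]:
        print(triage(p))
```

Run it as `python triage_hashes.py <file>`; a file that is this sample returns all four algorithms in `ioc_hits`. Matching on SHA256 alone is enough in practice, the MD5 and SHA1 values are kept only because older feeds and vendor reports still key on them.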

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader (also tracked as DBatLoader) is a first-stage loader written in Delphi. Rather than carrying its payload, it abuses legitimate cloud and file-hosting services to download a second-stage malware family and run it; Remcos, detected in the same run, is a typical payload.

    • Remcos

      Remcos is closed-source "remote control and surveillance software" that is sold commercially but widely abused as a RAT; it gives the operator keylogging, screen capture, credential theft and a remote shell.

    • Adds Run key to start application

      Persistence: the sample writes a value under a Run key (typically HKCU\Software\Microsoft\Windows\CurrentVersion\Run) so that its executable is relaunched at every logon of the infected user.

    • Legitimate hosting services abused for malware hosting/C2

      Payload download and/or C2 go through a legitimate hosting provider, so the traffic is not suspicious by destination alone; blocks and detections should key on the specific URL or object, not on the provider's domain.
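
The Run-key persistence signature is the one a responder can verify on a suspect host with nothing but a registry export. The following Python is an added example (not code from the sandbox or from the report) that parses the text produced by `reg export` of the HKCU Run key and flags entries that launch from user-writable locations, use a document-lookalike name, or go through a script host. The export text, the value names and the paths in it are constructed for illustration and are not taken from this sandbox run; the location and script-host lists are assumptions.

```python
import re

# Constructed example of the output of
#   reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" run.reg
# on an infected host. The entries are invented for illustration and are not
# taken from the sandbox run above.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\victim\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"SecurityHealth"="C:\\Windows\\System32\\SecurityHealthSystray.exe"
"Updater"="C:\\Users\\Public\\Libraries\\invoice,pdf.exe"
"Helper"="wscript.exe //B \"C:\\ProgramData\\helper.vbs\""
'''

# "Name"="data" lines of a .reg export; backslashes and quotes inside the
# strings are escaped with a backslash.
VALUE_LINE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(?:"((?:[^"\\]|\\.)*)"|(.+))$')

# Locations the interactive user (or any user) can write to. A Run value that
# launches from here is not proof of malice, but it is where loaders drop
# themselves. The list is an assumption; extend it for your environment.
USER_WRITABLE_RE = re.compile(
    r'\\(?:Users\\[^\\]+\\AppData|Users\\Public|ProgramData|Temp|Windows\\Temp)\\'
    r'|%(?:APPDATA|LOCALAPPDATA|TEMP|TMP|PUBLIC|PROGRAMDATA|USERPROFILE)%', re.I)
DOC_LOOKALIKE_RE = re.compile(r'[.,](?:pdf|docx?|xlsx?)[^\\]*\.exe$', re.I)
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe",
                "rundll32.exe", "regsvr32.exe", "cmd.exe"}


def _unescape(s):
    return re.sub(r'\\(.)', r'\1', s)


def parse_run_export(text):
    """Yield (key, value_name, value_data) triples from .reg export text."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_LINE_RE.match(line)
        if m and key is not None:
            data = _unescape(m.group(2)) if m.group(2) is not None else m.group(3)
            yield key, _unescape(m.group(1)), data


def executable_from_command(cmd):
    """The program a Run command launches: the quoted first token, or the
    first path ending in an executable extension."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r'(.+?\.(?:exe|scr|com|pif|bat|cmd|vbs|js|ps1|dll))(?:\s|$)', cmd, re.I)
    return m.group(1) if m else (cmd.split() or [cmd])[0]


def assess(name, data):
    exe = executable_from_command(data)
    base = exe.rsplit("\\", 1)[-1].lower()
    reasons = []
    if USER_WRITABLE_RE.search(data):
        reasons.append("user-writable location")
    if DOC_LOOKALIKE_RE.search(base):
        reasons.append("document-lookalike name")
    if base in SCRIPT_HOSTS:
        reasons.append("script host")
    return {"name": name, "exe": exe, "command": data, "reasons": reasons}


def audit_run_export(text):
    """Entries worth a second look, in registry order."""
    return [r for r in (assess(n, d) for _, n, d in parse_run_export(text)) if r["reasons"]]


if __name__ == "__main__":
    for finding in audit_run_export(SAMPLE_REG_EXPORT):
        print(finding["name"], "->", finding["exe"], "|", ", ".join(finding["reasons"]))
```

On the constructed export this flags three of the four values, including the legitimate OneDrive entry, because OneDrive also installs itself under AppData: the output is a triage list, not a verdict, and each hit still needs its hash checked against a report such as this one. Real `reg export` files are UTF-16 with a BOM, so open them with `encoding="utf-16"` before passing the text in, and run the same audit against the HKLM Run and RunOnce keys for completeness.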

MITRE ATT&CK Enterprise v6

Tasks