General
-
Target
PO AR483-1590436 _ J-3000 PROJT.xlsx
-
Size
55KB
-
Sample
210119-7qn7537n26
-
MD5
245fa98d0fc156ccd21c92b31ec8c5c7
-
SHA1
b5cabd660aafef98fc3fbc987aa1bc4d5884fa17
-
SHA256
a681967d5d91f1def07dcde80d561b9621381760b781c970746673d53e7bfcd7
-
SHA512
b78e1f36524ddb9a76d36ee809150bd8cf0f2a0a3ae747d79046e6cb5a14e863485e0740c2a860b7f40be19b70f2607c0cd9f1a753facf8c41d4c7c2cd22c3b7
Malware Config
Extracted
remcos
4sureme.ddns.net:4902
Targets
-
-
Target
PO AR483-1590436 _ J-3000 PROJT.xlsx
-
Size
55KB
-
MD5
245fa98d0fc156ccd21c92b31ec8c5c7
-
SHA1
b5cabd660aafef98fc3fbc987aa1bc4d5884fa17
-
SHA256
a681967d5d91f1def07dcde80d561b9621381760b781c970746673d53e7bfcd7
-
SHA512
b78e1f36524ddb9a76d36ee809150bd8cf0f2a0a3ae747d79046e6cb5a14e863485e0740c2a860b7f40be19b70f2607c0cd9f1a753facf8c41d4c7c2cd22c3b7
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
ModiLoader First Stage
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Abuses OpenXML format to download file from external location
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-