General
-
Target
6d238a412f808d2c4c56865d7f4c4d16.rtf
-
Size
11KB
-
Sample
210119-eg8xz9yzej
-
MD5
6d238a412f808d2c4c56865d7f4c4d16
-
SHA1
cf2c952dd7303167d7e666763dcf278088190f52
-
SHA256
a4ab58cc18771c7141e96d45714b7aeb046ff7173ec5266f08da7b28d411744e
-
SHA512
764bc68ac1f55d2b0b717ec8434f22c8bc5baf50cfa517e8d0fbae22f2419332d33f67d5dc41bab415e5e68af9b42c41df8262f25ea105f65c4984e8c5c3fbe8
Malware Config
Extracted
remcos
4sureme.ddns.net:4902
Targets
-
-
Target
6d238a412f808d2c4c56865d7f4c4d16.rtf
-
Size
11KB
-
MD5
6d238a412f808d2c4c56865d7f4c4d16
-
SHA1
cf2c952dd7303167d7e666763dcf278088190f52
-
SHA256
a4ab58cc18771c7141e96d45714b7aeb046ff7173ec5266f08da7b28d411744e
-
SHA512
764bc68ac1f55d2b0b717ec8434f22c8bc5baf50cfa517e8d0fbae22f2419332d33f67d5dc41bab415e5e68af9b42c41df8262f25ea105f65c4984e8c5c3fbe8
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
ModiLoader First Stage
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-