General
Target: SWIFTCOPY_110255293303484_SANTANDER.doc
Size: 1.6MB
Sample: 210330-4a3g8cz2y2
MD5: 2669b367e19d303277d90e1df00141d6
SHA1: e1acf19515cc4ce7cd4946226510a4b63a20571c
SHA256: 0ceab68641ca19a5f55d30cfc6f0e714c62cbec56683dd723704b890e9863983
SHA512: a7c4fa232f8c6b70eeaab34b184a737e317340ecd69ce099e147151c90987d7fe57899ddfab96efaf8b96b6a716e75d841bc68b0541ea6587772ca07cf149008
Static task: static1
Behavioral task: behavioral1
  Sample: SWIFTCOPY_110255293303484_SANTANDER.doc
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: SWIFTCOPY_110255293303484_SANTANDER.doc
  Resource: win10v20201028
Malware Config
Extracted: remcos
- official.myq-see.com:2310
- official.ydns.eu:2310
Targets
Score: 10/10
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application