General
Target: Inquiry for Export to Czech Republic.exe
Size: 617KB
Sample: 210331-j1wq2sn4tx
MD5: 34adf4b04711ceface4d93de0777ae6e
SHA1: e1eba71c8893c528f839cbb02e03fb8234436f31
SHA256: 9a85184a6496a2e3055f5f8bb91ee73acb718e4b2589b42f7253416b7870be3c
SHA512: 921ff742ae5a1e56bd650f830f2b25efb70f87517a4d84bf938bc756677086d70a4ff8d123224006953e6db51a76fef2b2515de00f8ad176329436d56dfec4b4
Static task: static1
Behavioral task: behavioral1
Sample: Inquiry for Export to Czech Republic.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: Inquiry for Export to Czech Republic.exe
Resource: win10v20201028
Malware Config
Extracted: remcos
blazeblaze.ddns.net:10008
Targets
Target: Inquiry for Export to Czech Republic.exe
Score: 10/10
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application