General
Target: RFQ-00421-0505.exe
Size: 759KB
Sample: 210505-na99gsrhf6
MD5: 5810ce2501a4eb374d6645f732c7a09c
SHA1: b10725b4231b66db00b7d070b1598d97b6fedd39
SHA256: 07a065c4b19b8f98199e9ad84c2b2073e84bf0abdc3c075b9976abdeb5e40e73
SHA512: 7c31c0e4ae9f5d983a83670700f54132cb9709056a46449a52a349ea2ce0e194b385f7682a9643eeb2b02b834006c7a970f6239f4592d33892f655dad1abad53
Static task: static1
Behavioral task: behavioral1 (Sample: RFQ-00421-0505.exe; Resource: win7v20210408)
Behavioral task: behavioral2 (Sample: RFQ-00421-0505.exe; Resource: win10v20210410)
Malware Config
Extracted: remcos
C2 (host:port from the extracted Remcos configuration): style.ptbagasps.co.id:42024
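The hashes under General and the Remcos C2 extracted above are the indicators a responder would actually hunt with. The following is an added example (not part of the sandbox report or of any tool it names) that sanity-checks the report's hash values, hashes a file or byte string and says which of the report's digests it matches, and scans log lines for the C2 host and port. The byte string and log lines it uses are constructed for the demonstration; the real sample is not embedded, and the IP in the log lines is a documentation address, not a real resolution of the C2 host.

```python
"""IOC checks for the sample in this report.

Added example, not part of the sandbox report or of any tool it names. It
(1) sanity-checks the report's hash values, (2) hashes a file or byte string
and tells you which of the report's digests it matches, and (3) scans log
lines for the extracted Remcos C2, style.ptbagasps.co.id:42024.
The sample bytes and log lines used below are constructed; the real sample
is not embedded here.
"""
import hashlib
import re
from typing import Dict, Iterable, List, Tuple

# Indicators copied from the report.
REPORT_HASHES: Dict[str, str] = {
    "md5": "5810ce2501a4eb374d6645f732c7a09c",
    "sha1": "b10725b4231b66db00b7d070b1598d97b6fedd39",
    "sha256": "07a065c4b19b8f98199e9ad84c2b2073e84bf0abdc3c075b9976abdeb5e40e73",
    "sha512": (
        "7c31c0e4ae9f5d983a83670700f54132cb9709056a46449a52a349ea2ce0e194"
        "b385f7682a9643eeb2b02b834006c7a970f6239f4592d33892f655dad1abad53"
    ),
}
C2_HOST = "style.ptbagasps.co.id"
C2_PORT = 42024

HEX_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def report_hashes_well_formed() -> bool:
    """Catch transcription errors before hunting: right length, hex only."""
    return all(
        len(v) == HEX_LENGTHS[k] and re.fullmatch(r"[0-9a-f]+", v) is not None
        for k, v in REPORT_HASHES.items()
    )


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Digest an in-memory blob with every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Same as hash_bytes but streams a file, so large samples are not loaded whole."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_report(digests: Dict[str, str]) -> List[str]:
    """Names of the algorithms whose digest equals the report's value.

    Any full match identifies the sample. A partial match (e.g. MD5 only)
    means a typo in the IOC list or something odd worth a second look.
    """
    return [
        name for name, expected in REPORT_HASHES.items()
        if digests.get(name, "").lower() == expected
    ]


# Constructed log lines in a Zeek-like shape (not taken from the report).
# 203.0.113.7 is a documentation address; the real resolution of the C2
# host is not given in the report.
SAMPLE_LOGS: List[str] = [
    "2021-05-05T10:14:02Z dns query=style.ptbagasps.co.id type=A client=10.0.0.12",
    "2021-05-05T10:14:03Z conn src=10.0.0.12 dst=203.0.113.7:42024 proto=tcp",
    "2021-05-05T10:14:05Z dns query=update.example.com type=A client=10.0.0.12",
    "2021-05-05T10:16:40Z conn src=10.0.0.15 dst=203.0.113.7:443 proto=tcp",
]

_HOST_RE = re.compile(rf"(?<![\w.-]){re.escape(C2_HOST)}(?![\w-])", re.IGNORECASE)
_PORT_RE = re.compile(rf":{C2_PORT}(?!\d)")


def find_c2_hits(lines: Iterable[str]) -> List[Tuple[int, str]]:
    """Return (line index, reason) for lines touching the extracted C2.

    "host" is a strong indicator (the configured C2 name itself); "port" is
    weak on its own, since 42024 is not reserved, and is mainly useful to
    pivot from a DNS hit to the follow-on TCP connection.
    """
    hits: List[Tuple[int, str]] = []
    for i, line in enumerate(lines):
        if _HOST_RE.search(line):
            hits.append((i, "host"))
        elif _PORT_RE.search(line):
            hits.append((i, "port"))
    return hits


if __name__ == "__main__":
    print("report hashes well-formed:", report_hashes_well_formed())
    print("constructed blob matches:", matches_report(hash_bytes(b"not the real sample")))
    for idx, reason in find_c2_hits(SAMPLE_LOGS):
        print(f"C2 {reason} hit on line {idx}: {SAMPLE_LOGS[idx]}")
```

Run `hash_file()` against a quarantined copy and feed proxy or DNS export lines to `find_c2_hits()`; treat a "host" hit as a confirmed sighting and a lone "port" hit only as a pivot point, since the port number by itself proves nothing.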
Targets
Target: RFQ-00421-0505.exe
Size: 759KB
MD5, SHA1, SHA256, SHA512: as listed under General above (same file)
Score: 10/10
ModiLoader, DBatLoader
ModiLoader (also tracked as DBatLoader) is a Delphi-written loader that abuses public cloud storage to host and fetch its next-stage payload; here the extracted Remcos configuration identifies that payload.
Adds Run key to start application
Persistence: a value is written under Software\Microsoft\Windows\CurrentVersion\Run (HKCU or HKLM) so the payload is relaunched at every logon. Check that key on any endpoint that ran the sample; the value name and target path are not given in this report.
Suspicious use of SetThreadContext
Injection: SetThreadContext is called on a thread of another process, the step in process hollowing where a suspended, legitimate process has its thread's entry point redirected to the written-in payload before ResumeThread. The Remcos payload may therefore be running under another process name rather than as RFQ-00421-0505.exe.
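On an endpoint with Sysmon registry logging, the "Adds Run key to start application" behaviour above surfaces as Event ID 13 (RegistryEvent, Value Set) with a TargetObject directly under ...\CurrentVersion\Run or RunOnce; Sysmon renders HKCU paths as HKU\<SID>\..., so both roots must be handled. The following is an added example (not part of the sandbox report) that runs that detection over constructed Sysmon records and assigns a triage severity based on whether the launcher lives in a user-writable location. The records, value names and paths are constructed for the demonstration; the report does not state what the real sample writes.

```python
"""Run-key persistence detection over Sysmon registry events.

Added example, not part of the sandbox report. The report flags "Adds Run key
to start application"; on an endpoint running Sysmon with registry logging
the same action shows up as Event ID 13 (RegistryEvent, Value Set) whose
TargetObject lies directly under ...\CurrentVersion\Run or RunOnce. Sysmon
writes HKCU paths as HKU\<SID>\..., so both roots are handled. The records
below are constructed; the value name and path the real sample writes are
not given in the report.
"""
import re
from typing import Dict, List

# A value set directly under Run/RunOnce. RunMRU, Explorer\Run etc. do not match.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\([^\\]+)$",
    re.IGNORECASE,
)
# Launchers in user-writable locations are the usual malware pattern; an
# installer writing a Program Files path still fires, at lower severity.
USER_WRITABLE_RE = re.compile(
    r"\\(Users\\[^\\]+\\(AppData|Downloads|Desktop|Documents)|ProgramData|Temp|Public)\\",
    re.IGNORECASE,
)

SYSMON_EVENTS: List[Dict[str, str]] = [  # constructed records, not from the report
    {"EventID": "13", "EventType": "SetValue",
     "Image": r"C:\Users\victim\Downloads\RFQ-00421-0505.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\victim\AppData\Roaming\Updater\svchost.exe"},
    {"EventID": "13", "EventType": "SetValue",
     "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorAgent",
     "Details": r"C:\Program Files\Vendor\agent.exe"},
    {"EventID": "13", "EventType": "SetValue",
     "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\a",
     "Details": r"notepad\1"},
    {"EventID": "12", "EventType": "CreateKey",
     "Image": r"C:\Users\victim\Downloads\RFQ-00421-0505.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run",
     "Details": ""},
]


def detect_run_key_persistence(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return one finding per Run/RunOnce value set, with a triage severity."""
    findings: List[Dict[str, str]] = []
    for ev in events:
        # Only value writes count; key creation (Event ID 12) alone starts nothing.
        if ev.get("EventID") != "13" or ev.get("EventType") != "SetValue":
            continue
        target = ev.get("TargetObject", "")
        m = RUN_KEY_RE.search(target)
        if not m:
            continue
        details = ev.get("Details", "")
        image = ev.get("Image", "")
        user_writable = bool(USER_WRITABLE_RE.search(details) or USER_WRITABLE_RE.search(image))
        findings.append({
            "severity": "high" if user_writable else "medium",
            "scope": "user" if target.upper().startswith("HKU\\") else "machine",
            "key": m.group(1),
            "value_name": m.group(2),
            "image": image,
            "details": details,
        })
    return findings


if __name__ == "__main__":
    for f in detect_run_key_persistence(SYSMON_EVENTS):
        print(f"[{f['severity']}] {f['scope']} {f['key']}\\{f['value_name']} -> {f['details']} (by {f['image']})")
```

The severity is a triage aid, not a verdict: legitimate installers set Run values too, so a "medium" finding needs the Details path checked against known software, while a "high" finding (launcher under a user profile or ProgramData, written by a process that itself came from Downloads) is the shape this report describes.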