Overview

overview

10

Static

static

Copia_de_Pago_pdf.scr

windows7_x64

10

Copia_de_Pago_pdf.scr

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Copia_de_Pago_pdf.scr

  • Size

    704KB

  • Sample

    210510-g34p1jclns

  • MD5

    9a898b2953874a2474c74d8d48e78596

  • SHA1

    50dac6556f57b03f1a3165bbfa9e326de3a2bf4e

  • SHA256

    44130b6c18abaaea8d59ba7ef447b231e2bde5ae9fd572104ca51136e5e35150

  • SHA512

    07fa3708aa1c28ecfcc9b753287dd15334fb96c0f97f3be1b7aebd9772f320d226f24305131d1f914438898652592b15e7f75eb9fbd4c1a82cde32359da38317

Score
10/10
modiloaderremcospersistencerattrojan

Malware Config

Extracted

Family

remcos

C2

Officialsw.chickenkiller.com:2310

official.ydns.eu:2310

Targets

    • Target

      Copia_de_Pago_pdf.scr

    • Size

      704KB

    • MD5

      9a898b2953874a2474c74d8d48e78596

    • SHA1

      50dac6556f57b03f1a3165bbfa9e326de3a2bf4e

    • SHA256

      44130b6c18abaaea8d59ba7ef447b231e2bde5ae9fd572104ca51136e5e35150

    • SHA512

      07fa3708aa1c28ecfcc9b753287dd15334fb96c0f97f3be1b7aebd9772f320d226f24305131d1f914438898652592b15e7f75eb9fbd4c1a82cde32359da38317

    Score
    10/10
    modiloaderremcospersistencerattrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks