General
- Target: clip.exe_
- Size: 827KB
- Sample: 210802-qhd73f1xns
- MD5: e6ed552b84d437e90031f9fc3d41b62a
- SHA1: a3ef9269bc3a1c10ab532a4e45e674b90802d435
- SHA256: fd866b4e18b49ef0232eda27280a0d56a9e408792bba4cddded1961fe64e7bf3
- SHA512: 18279fe31299b0456d5b1a31f29616f39930d478de7ccb37c556866abcdf2eec40cc975fd50b01aead7d1aba7ffe040f03c27fcbfda56d1f35992048fe040510
Static task
- static1

Behavioral task
- behavioral1
  - Sample: clip.exe_.exe
  - Resource: win7v20210410

Behavioral task
- behavioral2
  - Sample: clip.exe_.exe
  - Resource: win10v20210408
Malware Config
Extracted
- Family: remcos
- Version: 3.2.0 Pro
- Botnet: Jules
- C2: twistednerd.dvrlists.com:8618
- audio_folder: MicRecords
- audio_path: %AppData%
- audio_record_time: 5
- connect_delay: 0
- connect_interval: 1
- copy_file: remcos.exe
- copy_folder: Remcos
- delete_file: false
- hide_file: false
- hide_keylog_file: false
- install_flag: false
- install_path: %AppData%
- keylog_crypt: false
- keylog_file: logs.dat
- keylog_flag: false
- keylog_folder: remcos
- keylog_path: %AppData%
- mouse_option: false
- mutex: Jules-S7Z67A
- screenshot_crypt: false
- screenshot_flag: false
- screenshot_folder: Screenshots
- screenshot_path: %AppData%
- screenshot_time: 10
- startup_value: Remcos
- take_screenshot_option: false
- take_screenshot_time: 5
- take_screenshot_title: notepad;solitaire;
Targets
- Target: clip.exe_
- Score: 10/10
- Signatures:
  - ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  - Adds Run key to start application