General
-
Target
Dringende RFQ_AP65425652_032421,pdf.exe
-
Size
686KB
-
Sample
210803-85k2j19hla
-
MD5
29b7085660f5c35ee210dd37d556737d
-
SHA1
d3f5d61bcf16222c57d5501ae86d3beea1e155ad
-
SHA256
1b945f30cc3cff4673d9a29a7f865edf107b7bfb64e5da763672449ef94fb7b9
-
SHA512
01e0e2022d7db27b848ae143082e75e734546c59c7d7eef83b42e7eba84f7f5501d97bd85f34dd4872f29dbc27a7b3c947e1335f243541d31e5aebaa8a03f3e4
Static task
static1
Behavioral task
behavioral1
Sample
Dringende RFQ_AP65425652_032421,pdf.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
Dringende RFQ_AP65425652_032421,pdf.exe
Resource
win10v20210408
Malware Config
Extracted
remcos
SON OF GRACE
blessedudoka.ddns.net:4753
-
audio_folder
MicRecords
-
audio_path
%AppData%
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
install_path
%AppData%
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
keylog_path
%AppData%
-
mouse_option
false
-
mutex
Remcos-3OOKY5
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
Remcos
-
take_screenshot_option
false
-
take_screenshot_time
5
-
take_screenshot_title
notepad;solitaire;
Targets
-
-
Target
Dringende RFQ_AP65425652_032421,pdf.exe
-
Size
686KB
-
MD5
29b7085660f5c35ee210dd37d556737d
-
SHA1
d3f5d61bcf16222c57d5501ae86d3beea1e155ad
-
SHA256
1b945f30cc3cff4673d9a29a7f865edf107b7bfb64e5da763672449ef94fb7b9
-
SHA512
01e0e2022d7db27b848ae143082e75e734546c59c7d7eef83b42e7eba84f7f5501d97bd85f34dd4872f29dbc27a7b3c947e1335f243541d31e5aebaa8a03f3e4
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Blocklisted process makes network request
-
Adds Run key to start application
-