General
Target: Ordonnance PL-PB39-210706.iso
Size: 752KB
Sample: 210805-wrj52q611x
MD5: ec01be6b5d41439b517192b134706041
SHA1: c21d12c458df1bba2d06ad8457f401a15a09a70b
SHA256: fbb4338620c1c11fb419cee3b8138f608cdb852b57a61cfedcec23764325a5aa
SHA512: fe807de85749b84858607c07b3d4e62350bcca9dd6e9f83de7b516fd4c867c29d5b0ea16daf92dad762a4a8176a275c1f60b2230f21b59792a368791c82b5fc2
Static task: static1
Behavioral task: behavioral1
Sample: Ordonnance PL-PB39-210706.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: Ordonnance PL-PB39-210706.exe
Resource: win10v20210410
The submitted file is an ISO image; both behavioral tasks run the executable it carries (listed under Targets below), once on Windows 7 and once on Windows 10.
Malware Config
Extracted family: remcos
Campaign/botnet tag (value as extracted from the config): Gobal
C2: june248.ddns.net:3759
Attributes (attribute: value)
audio_folder: MicRecords
audio_path: %AppData%
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
install_path: %AppData%
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
keylog_path: %AppData%
mouse_option: false
mutex: Remcos-4U30G5
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
startup_value: Remcos
take_screenshot_option: false
take_screenshot_time: 5
take_screenshot_title: notepad;solitaire;
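The extracted configuration above is most useful when read for what it enables, not just copied as a list of strings: with install_flag, keylog_flag and screenshot_flag all false, the payload will not write its copy, keylog or screenshot files, so those paths are not reliable host indicators for this sample, while the C2 endpoint and the mutex still are. The script below is an added example (not part of the sandbox report and not Remcos code) that parses the report's attribute/value layout, coerces the values and derives only the indicators the flags actually switch on. The %AppData% expansion and the flag-to-artifact mapping are this example's assumptions about how Remcos applies its own settings; the attribute subset and the C2 string are copied from the report.

```python
"""Derive host/network IOCs from a flattened Remcos config listing.

Added example; not part of the sandbox report. The input layout is the
report's "attribute, then value" line pairs.  The %AppData% expansion
and the flag -> artifact mapping are assumptions about how Remcos
honours its own settings, not facts stated by the report.
"""
import ntpath

# C2 host:port exactly as listed in the report.
REPORT_C2 = "june248.ddns.net:3759"

# Subset of the extracted attributes, copied from the report in its
# alternating attribute/value line layout (separator dashes optional).
REPORT_ATTRS = """\
copy_file
remcos.exe
copy_folder
Remcos
install_flag
false
install_path
%AppData%
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
keylog_path
%AppData%
mutex
Remcos-4U30G5
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
startup_value
Remcos
"""

# Assumed expansion of the %AppData% placeholder; <user> is a stand-in.
APPDATA = r"C:\Users\<user>\AppData\Roaming"


def parse_attrs(text):
    """Pair alternating attribute/value lines; coerce booleans and integers."""
    lines = [ln.strip() for ln in text.splitlines()
             if ln.strip() and ln.strip() != "-"]
    if len(lines) % 2:
        raise ValueError("odd number of lines: attribute without a value")
    cfg = {}
    for key, raw in zip(lines[::2], lines[1::2]):
        if raw.lower() in ("true", "false"):
            cfg[key] = raw.lower() == "true"
        elif raw.isdigit():
            cfg[key] = int(raw)
        else:
            cfg[key] = raw
    return cfg


def parse_c2(c2):
    """Split 'host:port' into (host, int port)."""
    host, _, port = c2.rpartition(":")
    return host, int(port)


def derive_iocs(cfg, c2):
    """Return IOCs, emitting file artifacts only for features the config enables.

    Assumption: Remcos writes its copy / keylog / screenshot files and
    registers its startup_value only when the matching *_flag is true.
    """
    host, port = parse_c2(c2)

    def expand(p):
        return p.replace("%AppData%", APPDATA)

    files = []
    if cfg.get("install_flag"):
        files.append(ntpath.join(expand(cfg["install_path"]),
                                 cfg["copy_folder"], cfg["copy_file"]))
    if cfg.get("keylog_flag"):
        files.append(ntpath.join(expand(cfg["keylog_path"]),
                                 cfg["keylog_folder"], cfg["keylog_file"]))
    if cfg.get("screenshot_flag"):
        files.append(ntpath.join(expand(cfg["screenshot_path"]),
                                 cfg["screenshot_folder"]))
    return {
        "c2_host": host,
        "c2_port": port,
        "mutex": cfg["mutex"],                       # created regardless of install
        "run_key_value": cfg["startup_value"] if cfg.get("install_flag") else None,
        "expected_files": files,
        "disabled_features": sorted(k for k, v in cfg.items()
                                    if k.endswith("_flag") and v is False),
    }


if __name__ == "__main__":
    for k, v in derive_iocs(parse_attrs(REPORT_ATTRS), REPORT_C2).items():
        print(f"{k}: {v}")
```

For this sample the result is a C2 of june248.ddns.net on TCP 3759, the mutex Remcos-4U30G5, and no expected dropped files or Remcos-owned Run key. That matters when reading the "Adds Run key" behaviour reported below: with install_flag false the payload's own startup_value "Remcos" should not be registered, so the observed Run key is more plausibly written by the loader stage; confirm against the behavioral task's registry events before using either value as a persistence indicator.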
Targets
Target: Ordonnance PL-PB39-210706.exe
Size: 690KB
MD5: 387c0e39f24944d264ee4cf0734d42b7
SHA1: 80f391534e5732b1bdd4b89531aca686d33b7362
SHA256: d1f9a0b2a40e1a34cd4e5a1a756749a6f5180886153b9c1c9593e455540a41c1
SHA512: 6d9b15b43f3adca503703f45d5249fe2cf6d832c62e383fd3271ead6173347eb398dcd141d8df57076a2dcdbc5b26999e3de4800e923bfd957db6badb3a8da92
Score: 10/10
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families. The family flagged here is the loader stage; the Remcos configuration extracted above is the payload it delivers in this run.
- Adds Run key to start application