General
Target: DHL (SCAN) Shipment Notification.iso
Size: 1.1MB
Sample: 210823-fznynpnhvx
MD5: 72f7678095b2e212d0b3c3da5cf12821
SHA1: 093eb005c06ead9aedb0965e9f5f392d22b56b9c
SHA256: 4e91bcc380f2283929f4b8e6fc746e3108dd5ebac3ef8f7a16b6f831613ae1e3
SHA512: c2ae19b9d926282a5975d85ef2c0757bbfa2c86a17126f19c3ece65069e786c2153fb7db387198db09c90f139d9671d47803e0e8ac2172cc7021b2c7ed9653e5
Static task: static1
Behavioral task: behavioral1
  Sample: DHL (SCAN) Shipment Notification.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: DHL (SCAN) Shipment Notification.exe
  Resource: win10v20210410
Malware Config
Extracted: remcos
LAS LAS
goddywin.freedynamicdns.net:4108
audio_folder: MicRecords
audio_path: %AppData%
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
install_path: %AppData%
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
keylog_path: %AppData%
mouse_option: false
mutex: Remcos-YZ590Y
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
startup_value: Remcos
take_screenshot_option: false
take_screenshot_time: 5
take_screenshot_title: notepad;solitaire;
Targets
Target: DHL (SCAN) Shipment Notification.exe
Size: 1.0MB
MD5: 90d18e14ba0ddee3dd22598c8435c109
SHA1: b8b473aa7cefe46e934bde3a5c89f7f96f197ed1
SHA256: bf0cc4fd655e77d8b634ad0f7de607e8bda88034910511e120dafc86d96fd8df
SHA512: 10fe71f49c94f8b263fc113ad5ad3bb15067644941db57ea386294b34f3e27bd77bc049835fd07239495c18cc02dab8ea8c1f129ef1875603a8950c1acfc3d5e
Score: 10/10
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
Adds Run key to start application