General
-
Target
f41bae930735486a5456bb2ec5b22bd7.exe
-
Size
700KB
-
Sample
210913-wp1xfahcfp
-
MD5
f41bae930735486a5456bb2ec5b22bd7
-
SHA1
7c05b71120cd703685fe19d5f8969ec73ae340bd
-
SHA256
15851690d3cb99d95e82bb47d3f31db71688c69dd50b0a8367e97aa3b501b637
-
SHA512
0ad929cf22f7ebc84580d6967f1c7ad60d9cf8a18ff730d4b996f498bd740af451eedff622887f4c6216cb32e09fafa848eb81f8bb27df6ab589d9e42dc99676
Static task
static1
Behavioral task
behavioral1
Sample
f41bae930735486a5456bb2ec5b22bd7.exe
Resource
win7-en
Behavioral task
behavioral2
Sample
f41bae930735486a5456bb2ec5b22bd7.exe
Resource
win10v20210408
Malware Config
Extracted
remcos
3.2.0 Pro
NEW-YAK-0817
bustabantu0817.hopto.org:7575
bustabantu0817.duckdns.org:7575
bustabantu0817.ddnsgeek.com:7575
-
audio_folder
MicRecords
-
audio_path
%AppData%
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
install_path
%AppData%
-
keylog_crypt
false
-
keylog_file
sgol.dat
-
keylog_flag
false
-
keylog_folder
mygol
-
keylog_path
%AppData%
-
mouse_option
false
-
mutex
bgy-hyt-juj-BISZGM
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
Remcos
-
take_screenshot_option
false
-
take_screenshot_time
5
-
take_screenshot_title
notepad;solitaire;
Extracted
remcos
NEW-YAK-0817
bustabantu0817.hopto.org:7575
bustabantu0817.duckdns.org:7575
bustabantu0817.ddnsgeek.com:7575
-
audio_folder
MicRecords
-
audio_path
%AppData%
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
install_path
%AppData%
-
keylog_crypt
false
-
keylog_file
sgol.dat
-
keylog_flag
false
-
keylog_folder
mygol
-
keylog_path
%AppData%
-
mouse_option
false
-
mutex
bgy-hyt-juj-BISZGM
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
Remcos
-
take_screenshot_option
false
-
take_screenshot_time
5
-
take_screenshot_title
notepad;solitaire;
Targets
-
-
Target
f41bae930735486a5456bb2ec5b22bd7.exe
-
Size
700KB
-
MD5
f41bae930735486a5456bb2ec5b22bd7
-
SHA1
7c05b71120cd703685fe19d5f8969ec73ae340bd
-
SHA256
15851690d3cb99d95e82bb47d3f31db71688c69dd50b0a8367e97aa3b501b637
-
SHA512
0ad929cf22f7ebc84580d6967f1c7ad60d9cf8a18ff730d4b996f498bd740af451eedff622887f4c6216cb32e09fafa848eb81f8bb27df6ab589d9e42dc99676
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Adds Run key to start application
-