General
-
Target
IMG_71000453439090058.iso
-
Size
1.4MB
-
Sample
220126-tb4easegfl
-
MD5
c0e500dfebba8418230404599e266dbd
-
SHA1
ae4cad3d8f8c1984a1352e5827e391ee4a614152
-
SHA256
5de615f4ccd588a4baab01f4884effac836334fd116ad1732f7c17560d6f0e8d
-
SHA512
6533a3e4680648067338bfbdada5fbe7873382519bd2894343b624a13bc54354daf751f2254d3561c0ead61987054cfcc0d444d12b73ece81d5aee021feff90b
Malware Config
Extracted
remcos
3.3.2 Pro
RemoteHost
proprapra90.ddns.net:8810
storeyman7109.duckdns.org:8810
-
audio_folder
MicRecords
-
audio_path
%AppData%
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
install_path
%AppData%
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
keylog_path
%AppData%
-
mouse_option
false
-
mutex
morethan-CJ2X2C
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
Remcos
-
take_screenshot_option
false
-
take_screenshot_time
5
-
take_screenshot_title
notepad;solitaire;
Targets
-
-
Target
IMG_7100.SCR
-
Size
869KB
-
MD5
327916646174b24f42a533053e976e41
-
SHA1
60884023e12058000563bdb2f302f8fc00d4c83d
-
SHA256
a800578827b7e3667884f92ab26a58dc3197e3be7730678d84aa3d9bb5d15db3
-
SHA512
78a980271645839e0e859077c913cef16da4dd4611f5c1e5ce0e5db25b866ff417c22f639b931839e98ccb9cd4914e46c4876b1756c7fc03b7f6f39bca4c9237
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
ModiLoader First Stage
-
ModiLoader Second Stage
-
Sets service image path in registry
-
Adds Run key to start application
-