General
Target: a006756cd376ff10fd4578d70da88792
Size: 416KB
Sample: 220707-f8c2qafhf7
MD5: a006756cd376ff10fd4578d70da88792
SHA1: c30f5e18bd45aac2575aaeb77b2e86d4e76a3c51
SHA256: c6ca42049e6bbe97f58dc7b6da5688aa304ce8a0a1cc25853ba7f74ccc70abf6
SHA512: 2c34dede2ff613823af872e6f209af49868151216d3875cc9d46fd650a67ca206147185e71fd7f9392a823db263dcee37a399f93c1aef4163e8f6d76f4217c1a
Static task: static1
Behavioral task: behavioral1
Sample: REF New order & Mackson Quote/REF New order & Mackson Quote000000000000000000000000.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: REF New order & Mackson Quote/REF New order & Mackson Quote000000000000000000000000.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
remcos
uka
micenaxus.com:2404
audio_folder: MicRecords
audio_path: %AppData%
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: true
install_flag: false
install_path: %AppData%
keylog_crypt: true
keylog_file: logs.dat
keylog_flag: false
keylog_folder: uka
keylog_path: %AppData%
mouse_option: false
mutex: uka-RQ2V95
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
startup_value: Remcos
take_screenshot_option: false
take_screenshot_time: 5
take_screenshot_title:
Targets
Target: REF New order & Mackson Quote/REF New order & Mackson Quote000000000000000000000000.exe
Size: 770KB
MD5: 44d34fafe191feaebf9a8602aae1f11d
SHA1: a9d7a46214486089eb15fe74b3a628945c0b089f
SHA256: db8a8a4bf1e1e63ef1bd27f8131dfeb14bca74e9d68605cf71e9eac5126baa48
SHA512: b6ff1779ed373e09457fb8fb7330f72bbae32cc4744e8fd121fd5c5778341dc625607308fcf93dee025f1a31a9b878ee857146b51e4d0e7601f97d6f51e706dd
Score: 10/10
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
suricata: ET MALWARE Remocs 3.x Unencrypted Checkin
suricata: ET MALWARE Remocs 3.x Unencrypted Server Response
ModiLoader Second Stage
Adds Run key to start application