General

Target: Izjava u prilogu.zip (Croatian/Serbian, "Statement attached")
Size: 469KB
Sample: 220802-g26wwsbgg5
MD5: 5951386743f1f997bf18f286ee6e9f45
SHA1: e6840b5e0169db7584b1421ef3fc2062b864070d
SHA256: 53c71fdc5e7f7c0fc1ffd4630605fba8626e302632e410ba6a707f6a0d297c33
SHA512: e8b8d9a3acc5039af7882c309ff98113c448c5fa46664c6097af19f931bab7524ffaff3f59491a16c2a2a962ffe4858a9ab5d2df9239615f82aa93626069684a
Static task: static1
Behavioral task: behavioral1 (sample: Izjava u prilogu.exe, resource: win7-20220715-en)
Behavioral task: behavioral2 (sample: Izjava u prilogu.exe, resource: win10v2004-20220721-en)
Malware Config

Extracted: remcos

RemoteHost: newehmpage.webredirect.org:5564
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: javaaa.exe
copy_folder: javaa
delete_file: true
hide_file: true
hide_keylog_file: false
install_flag: true
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: javaa-OMZZ5I
screenshot_crypt: false
screenshot_flag: true
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
startup_value: javaa
take_screenshot_option: false
take_screenshot_time: 5
Targets

Target: Izjava u prilogu.exe
Size: 836KB
MD5: 07789017f254b6ac45b11f66ccada623
SHA1: 6957e2bd7068f1303723c2ba3075771cdbcb23f0
SHA256: d17de6f437033140a8197c29721e535e19cde342b211c3a0074fa54f79afb375
SHA512: b30f98657c5069185af2e7a84af4bb2b2d73e9c7a455beae520668a6b40420e0f4d5f19333ec6f7ec45a74c8544f88d449ea1b8d2eacadf22e574b39a384e8b1
Score: 10/10

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

ModiLoader Second Stage

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.

Adds Run key to start application

Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.

Drops file in System32 directory
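The extracted Remcos config and the "Adds Run key" behaviour above give enough to derive concrete host and network indicators and check them against endpoint telemetry. The script below is an added example, not code from the report or from any sandbox or tooling it names. It assumes the Run entry is written under the per-user HKCU Run key (the report does not name the hive), uses a constructed profile path and a constructed event list, and matches the install path only on its `copy_folder\copy_file` tail because the config does not state the base directory.

```python
"""Added example (not part of the sandbox report): derive indicators from the
extracted Remcos config and match them against sandbox-style events."""
import ntpath

# Install and C2 settings copied from the extracted Remcos config on this page.
REMCOS_CONFIG = {
    "RemoteHost": "newehmpage.webredirect.org:5564",
    "copy_folder": "javaa",
    "copy_file": "javaaa.exe",
    "mutex": "javaa-OMZZ5I",
    "startup_value": "javaa",
    "screenshot_flag": "true",
    "screenshot_path": "%AppData%",
    "screenshot_folder": "Screenshots",
    "keylog_flag": "false",
    "keylog_folder": "remcos",
    "keylog_file": "logs.dat",
}

# ASSUMPTION: the report says a Run key is added but not which hive; HKCU is assumed.
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
# Constructed profile path, used only to fold the constructed events back to %AppData%.
APPDATA = r"C:\Users\victim\AppData\Roaming"


def derive_iocs(cfg):
    """Indicators implied by the config; paths and names are lower-cased for matching."""
    host, port = cfg["RemoteHost"].rsplit(":", 1)
    iocs = {
        "c2_host": host.lower(),
        "c2_port": int(port),
        "mutex": cfg["mutex"],  # mutex names are case-sensitive, keep as-is
        "run_value_name": cfg["startup_value"].lower(),
        # Base directory is not in the config, so match the tail ...\javaa\javaaa.exe
        "install_suffix": ("\\" + ntpath.join(cfg["copy_folder"], cfg["copy_file"])).lower(),
        "artifact_dirs": [],
    }
    if cfg.get("screenshot_flag") == "true":
        iocs["artifact_dirs"].append(
            ntpath.join(cfg["screenshot_path"], cfg["screenshot_folder"]).lower())
    if cfg.get("keylog_flag") == "true":  # disabled in this sample, so nothing is added
        iocs["artifact_dirs"].append(cfg["keylog_folder"].lower())
    return iocs


def _norm(path):
    """Replace the constructed profile directory with the %appdata% placeholder."""
    p = path.lower()
    if p.startswith(APPDATA.lower()):
        p = "%appdata%" + p[len(APPDATA):]
    return p


def match_events(events, iocs):
    """Return (rule_name, event) pairs for events that touch a derived indicator."""
    hits = []
    for ev in events:
        kind = ev["type"]
        if kind == "file_write":
            p = _norm(ev["path"])
            if p.endswith(iocs["install_suffix"]):
                hits.append(("remcos_install_copy", ev))
            elif any(p.startswith(d + "\\") for d in iocs["artifact_dirs"]):
                hits.append(("remcos_artifact_dir", ev))
        elif kind == "registry_set":
            if (ev["key"].lower() == RUN_KEY.lower()
                    and ev["name"].lower() == iocs["run_value_name"]
                    and ev["data"].lower().endswith(iocs["install_suffix"])):
                hits.append(("remcos_run_key", ev))
        elif kind == "mutex_create" and ev["name"] == iocs["mutex"]:
            hits.append(("remcos_mutex", ev))
        elif kind == "dns_query" and ev["name"].lower() == iocs["c2_host"]:
            hits.append(("remcos_c2_dns", ev))
        elif (kind == "tcp_connect" and ev["port"] == iocs["c2_port"]
              and ev.get("host", "").lower() == iocs["c2_host"]):
            hits.append(("remcos_c2_connect", ev))
    return hits


# Constructed events in the shape of a sandbox behaviour log; not from the report.
SAMPLE_EVENTS = [
    {"type": "file_write", "process": "Izjava u prilogu.exe",
     "path": r"C:\Users\victim\AppData\Roaming\javaa\javaaa.exe"},
    {"type": "registry_set", "process": "Izjava u prilogu.exe", "key": RUN_KEY,
     "name": "javaa", "data": r"C:\Users\victim\AppData\Roaming\javaa\javaaa.exe"},
    {"type": "mutex_create", "process": "javaaa.exe", "name": "javaa-OMZZ5I"},
    {"type": "dns_query", "process": "javaaa.exe", "name": "newehmpage.webredirect.org"},
    {"type": "tcp_connect", "process": "javaaa.exe",
     "host": "newehmpage.webredirect.org", "port": 5564},
    {"type": "file_write", "process": "javaaa.exe",
     "path": r"C:\Users\victim\AppData\Roaming\Screenshots\2022-08-02_1.jpg"},
    # Benign noise that must not match.
    {"type": "registry_set", "process": "OneDrive.exe", "key": RUN_KEY, "name": "OneDrive",
     "data": r"C:\Users\victim\AppData\Local\Microsoft\OneDrive\OneDrive.exe"},
    {"type": "dns_query", "process": "chrome.exe", "name": "www.example.com"},
]

if __name__ == "__main__":
    for rule, ev in match_events(SAMPLE_EVENTS, derive_iocs(REMCOS_CONFIG)):
        print(f"{rule:22s} {ev['process']:22s} {ev['type']}")
```

Matching on the path tail and on the Run value name rather than on the full path keeps the rules valid whichever base directory the loader picks, and the benign OneDrive Run entry shows why the value name and target path are checked together rather than alerting on any new Run key.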