General
-
Target
LPO-DOCS-140822.exe
-
Size
692KB
-
Sample
220815-k3wn4abed5
-
MD5
87870a512b0d889e1da9ee54388799ca
-
SHA1
01e96643d8a754f8d37e21b1279a79547cb67eed
-
SHA256
fd9c78c0994c085516b97c91de39ffe88b7111ac2f040f826e53c6c9f72ffce7
-
SHA512
7cbd005058a5a3e99149097999a2d73deeb195b4240309b0e32dcf5c3c10ee76b39ebeb48453df23ddfad9e0c3345dea4e9ccbd638e1f9b99af09e2130f22ffd
Malware Config
Extracted
remcos
Finally
185.62.86.145:42024
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
true
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
onedrivee
-
mouse_option
false
-
mutex
onedrive-TYU0OA
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
Remcos
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
LPO-DOCS-140822.exe
-
Size
692KB
-
MD5
87870a512b0d889e1da9ee54388799ca
-
SHA1
01e96643d8a754f8d37e21b1279a79547cb67eed
-
SHA256
fd9c78c0994c085516b97c91de39ffe88b7111ac2f040f826e53c6c9f72ffce7
-
SHA512
7cbd005058a5a3e99149097999a2d73deeb195b4240309b0e32dcf5c3c10ee76b39ebeb48453df23ddfad9e0c3345dea4e9ccbd638e1f9b99af09e2130f22ffd
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Adds Run key to start application
-
Drops file in System32 directory
-