General
-
Target
FAKTURA BG.exe
-
Size
828KB
-
Sample
230316-kejpmahh85
-
MD5
23ce93e9d98e4e6ad3e204e88ff538d8
-
SHA1
08c610fdceb42de0f9c5e6c1f034565f3ab71168
-
SHA256
96c3eda0f05d27702d5af7f5e0c626da24c93013804fd3ebc35241164eafdbdf
-
SHA512
43ed8350f28ac9dcb2a246b6b7ca3a4e25090b6112badfa5934ef50aaafc9d440d08a264bc3c2a88e74a197ea06b8308db06d92081be97928b22fc89f7efe5fe
-
SSDEEP
12288:mMlTjVH4G4CWP/lAS2WW5dCvWSbmbrvPZb2v+9aWx6OPOKX:m4PV17WP6S2WWGuSirvPZwZPOPOK
Static task
static1
Behavioral task
behavioral1
Sample
FAKTURA BG.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
FAKTURA BG.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
remcos
DESTINY DIFFERS
ekurorem.duckdns.org:1979
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-X77K34
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
Remcos
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
FAKTURA BG.exe
-
Size
828KB
-
MD5
23ce93e9d98e4e6ad3e204e88ff538d8
-
SHA1
08c610fdceb42de0f9c5e6c1f034565f3ab71168
-
SHA256
96c3eda0f05d27702d5af7f5e0c626da24c93013804fd3ebc35241164eafdbdf
-
SHA512
43ed8350f28ac9dcb2a246b6b7ca3a4e25090b6112badfa5934ef50aaafc9d440d08a264bc3c2a88e74a197ea06b8308db06d92081be97928b22fc89f7efe5fe
-
SSDEEP
12288:mMlTjVH4G4CWP/lAS2WW5dCvWSbmbrvPZb2v+9aWx6OPOKX:m4PV17WP6S2WWGuSirvPZwZPOPOK
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-