General
-
Target
Tender_81386271_HMC_FG 33694375_Asanta.7z
-
Size
642KB
-
Sample
230329-jnellaha2y
-
MD5
654b0231cc99e4baa1c1e13bef8b6970
-
SHA1
ce74bb154fb213bb23a56e229b3fb1aaee63691f
-
SHA256
2a34ad677661121afba95ea03ec66e827c0fb2156d465c3da96d10f9e9191a89
-
SHA512
6e7f895334950be59dc6326a4cd88645380d2bb19827ac8fd07bac298f0b4e57b6560fe47b01d898f433ab116982d118c80400ed86d7ab2827532752928a29b3
-
SSDEEP
12288:8F4IQBKW5PsfpOVxVOPhlp4mm+ffWd2HVkLnlmXj77q+aLTK4fRU6:y4IQBDPsfp+jshL4mBffWoHVkDgn7q+g
Static task
static1
Behavioral task
behavioral1
Sample
Tender_81386271_HMC_FG 33694375_Asanta/BOQ.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Tender_81386271_HMC_FG 33694375_Asanta/BOQ.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral3
Sample
Tender_81386271_HMC_FG 33694375_Asanta/HMC_FG_Tender_81386271_Asanta Revised.exe
Resource
win7-20230220-en
Behavioral task
behavioral4
Sample
Tender_81386271_HMC_FG 33694375_Asanta/HMC_FG_Tender_81386271_Asanta Revised.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
remcos
March-Logs-2023
pentester01.duckdns.org:49136
pentester0.accesscam.org:56796
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
owa.exe
-
copy_folder
owa
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
Wetransfer
-
mouse_option
false
-
mutex
owa-6972V4
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
owa
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
Tender_81386271_HMC_FG 33694375_Asanta/BOQ.exe
-
Size
119.2MB
-
MD5
2d3c4c708910e5360a9275331027400a
-
SHA1
ef4891f0155ccbc55a5f05745562f46dfe5cf5a1
-
SHA256
98b9281492df8d7a983f94bd96ee1526a6b3b2ca63b3fb54c59b0cc07058d7b0
-
SHA512
f626709f015650f12209d053bd3a206b735fe0e97319d99b618bba14280b8bdc03325edc488400ff325e63532be99ad274ac352d261e3e129b6e2e51d8c8675f
-
SSDEEP
12288:1xkn6YuwDEgW0+K4tvzxn58XdUpGHnSieAi+ZO643VaxBP:nM6yG0+hhzxnidiGHSi33uS
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
-
-
Target
Tender_81386271_HMC_FG 33694375_Asanta/HMC_FG_Tender_81386271_Asanta Revised.exe
-
Size
109.7MB
-
MD5
00542734604e06d540c0606862cfc95d
-
SHA1
17f23f4a734e045547ee855abd16c67231c10e2a
-
SHA256
27a06410450d2fad7eaf5e13b16e5dfbfdd6f40112bd3e98eb63bfa12f01c29d
-
SHA512
f26a6a30babd7b1c049cecfcde52e8ed01c7c69c12ee4c0af046586a246000a9d27fac7b0fac2982999233098f1471cac088346ae43837c21f1172fbd6112b7a
-
SSDEEP
12288:1xkn6YuwDEgW0+K4tvzxn58XdUpGHnSieAi+Ze643VaxBP:nM6yG0+hhzxnidiGHSi3HuS
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-