modiloader | 2a34ad677661121afba95ea03ec66e827c0fb2156d465c3da96d10f9e9191a89

General

Target

Tender_81386271_HMC_FG 33694375_Asanta.7z
Size

642KB
Sample

230329-jnellaha2y
MD5

654b0231cc99e4baa1c1e13bef8b6970
SHA1

ce74bb154fb213bb23a56e229b3fb1aaee63691f
SHA256

2a34ad677661121afba95ea03ec66e827c0fb2156d465c3da96d10f9e9191a89
SHA512

6e7f895334950be59dc6326a4cd88645380d2bb19827ac8fd07bac298f0b4e57b6560fe47b01d898f433ab116982d118c80400ed86d7ab2827532752928a29b3
SSDEEP

12288:8F4IQBKW5PsfpOVxVOPhlp4mm+ffWd2HVkLnlmXj77q+aLTK4fRU6:y4IQBDPsfp+jshL4mBffWoHVkDgn7q+g

Score

10^/10

Malware Config

Extracted

Family

remcos

Botnet

March-Logs-2023

C2

pentester01.duckdns.org:49136

pentester0.accesscam.org:56796

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
owa.exe
copy_folder
owa
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
Wetransfer
mouse_option
false
mutex
owa-6972V4
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
owa
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  Tender_81386271_HMC_FG 33694375_Asanta/BOQ.exe
- Size
  
  119.2MB
- MD5
  
  2d3c4c708910e5360a9275331027400a
- SHA1
  
  ef4891f0155ccbc55a5f05745562f46dfe5cf5a1
- SHA256
  
  98b9281492df8d7a983f94bd96ee1526a6b3b2ca63b3fb54c59b0cc07058d7b0
- SHA512
  
  f626709f015650f12209d053bd3a206b735fe0e97319d99b618bba14280b8bdc03325edc488400ff325e63532be99ad274ac352d261e3e129b6e2e51d8c8675f
- SSDEEP
  
  12288:1xkn6YuwDEgW0+K4tvzxn58XdUpGHnSieAi+ZO643VaxBP:nM6yG0+hhzxnidiGHSi33uS
Score

10^/10

modiloader remcos persistence rat trojan march-logs-2023
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- ModiLoader Second Stage
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2
- Target
  
  Tender_81386271_HMC_FG 33694375_Asanta/HMC_FG_Tender_81386271_Asanta Revised.exe
- Size
  
  109.7MB
- MD5
  
  00542734604e06d540c0606862cfc95d
- SHA1
  
  17f23f4a734e045547ee855abd16c67231c10e2a
- SHA256
  
  27a06410450d2fad7eaf5e13b16e5dfbfdd6f40112bd3e98eb63bfa12f01c29d
- SHA512
  
  f26a6a30babd7b1c049cecfcde52e8ed01c7c69c12ee4c0af046586a246000a9d27fac7b0fac2982999233098f1471cac088346ae43837c21f1172fbd6112b7a
- SSDEEP
  
  12288:1xkn6YuwDEgW0+K4tvzxn58XdUpGHnSieAi+Ze643VaxBP:nM6yG0+hhzxnidiGHSi3HuS
Score

10^/10

modiloader remcos persistence rat trojan march-logs-2023
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- ModiLoader Second Stage
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral3 behavioral4