General
Target: FAKTURA-CM.tar.lz
Size: 592KB
Sample: 230404-nta8ksge3s
MD5: 7295f6af7c814cb270d9e0f937c99549
SHA1: 2c1211fb666a517170572240ace72450eac9b5fc
SHA256: 7fd220a5b462ed9892294e64e268e3c3f82caa91ccb991175a42409e8fc84533
SHA512: 7b5317cd2e726574057f160acbb7b13d3461f70abc027c8c19d745bf71b928bf4dd4cac116be8a13beb4a497998a7849ea68e887499dc04675799a384aa450c3
SSDEEP: 12288:1WzCBVf5R5TbefcnXBnC9POckgCjNINxNtJSeuLR9/rKJhjrC:ozCBVzhbOcXAzkgC5oxk7mJhjrC
Static task: static1
Behavioral task: behavioral1
Sample: FAKTURA CM.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted
remcos
EXODUS 2023
chimarem.duckdns.org:1356
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Rmc-JNASFK
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
startup_value: Remcos
take_screenshot_option: false
take_screenshot_time: 5
Targets
Target: FAKTURA CM.exe
Size: 1.0MB
MD5: a343f50cd43fa80911330c79d13657c9
SHA1: 52f0bff35d59bb7e0f6605b765af90960d6ff741
SHA256: b09339b9505717e86f7c99f1bda7bf3b1cabdb4e477f98990b190c928a26d966
SHA512: 2096caf50f7726a7b2fb453412936246e138e41940e1a10f6e6cdadf12056d2086c3115918a8e554989f7d11a1e20faf5b7c9e7209abe4ccfce6f9af53197f13
SSDEEP: 24576:v6R9yfVUXwTEfF59XADz3OjaZQQJ0nhUGfAptLM:v6mO0MF59XADzejakuGfA3M
Score: 10/10
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
ModiLoader Second Stage
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application