General
-
Target
91489557012035DraftBLFmKNNBRecd07Apr23CFM.exe
-
Size
673KB
-
Sample
230411-hqx1aaba58
-
MD5
7a22c075e6bb86f3a537fd592925d0f8
-
SHA1
657dde8c6b11a14aa398481768079f3286e37360
-
SHA256
37503c7646071d22653b6be7fdb8ec8d9abbfe8cbfca39650255c131b01f4fd2
-
SHA512
9f1025ab193b0bfd7dfa38f59d2071f2f0293856fe6e1604e0667f93f0f15f241f7458d96c7992d382f7eb1ea6030b8156721dc0de95ad562a319544db655226
-
SSDEEP
12288:KD+aLrg9LSA91a6XQYOg5f46XzsOpj2pMFr0sbOTWE:Ki08wU1a6Xv1B4oKMEW
Malware Config
Extracted
remcos
Razor
20.251.10.189:2349
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
true
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
oldosos.dat
-
keylog_flag
false
-
keylog_path
%UserProfile%
-
mouse_option
false
-
mutex
razorsoso-K5DGEB
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
Remcos
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
91489557012035DraftBLFmKNNBRecd07Apr23CFM.exe
-
Size
673KB
-
MD5
7a22c075e6bb86f3a537fd592925d0f8
-
SHA1
657dde8c6b11a14aa398481768079f3286e37360
-
SHA256
37503c7646071d22653b6be7fdb8ec8d9abbfe8cbfca39650255c131b01f4fd2
-
SHA512
9f1025ab193b0bfd7dfa38f59d2071f2f0293856fe6e1604e0667f93f0f15f241f7458d96c7992d382f7eb1ea6030b8156721dc0de95ad562a319544db655226
-
SSDEEP
12288:KD+aLrg9LSA91a6XQYOg5f46XzsOpj2pMFr0sbOTWE:Ki08wU1a6Xv1B4oKMEW
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
ModiLoader Second Stage
-
Adds Run key to start application
-