General
-
Target
0688a1a170b1ceb77f9debaac0c3bb79a074fa449afae2644007286af5155643.zip
-
Size
440KB
-
Sample
230418-jvd9eaac78
-
MD5
a9b5f71116ab8d732cc8177ff13a5e36
-
SHA1
bb999660b9bf058a3b45a4cd2fc1b67d9a4fdd28
-
SHA256
94372f1e0c9bfc7f27b8a14556bb5798f97ee6e99d09aa947a4083de12253090
-
SHA512
e120a75223083b6778dedeedae41c2725924361ee7d5ed46d7347da3ee5e62be8eed19b67823c57cf34c87e9ba1ec086dadd16f219025c1a786ca35b7515ed1d
-
SSDEEP
12288:/QmvlM4k7pu8htyW/+pR9mMA49a3irQcq:/fvlM4k7MQyO8RwMA4o3i4
Malware Config
Extracted
remcos
2.7.1 Pro
OSSY
staywoke.ddns.net:2406
-
audio_folder
MicRecords
-
audio_path
%AppData%
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
install_path
%AppData%
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
keylog_path
%AppData%
-
mouse_option
false
-
mutex
Remcos-CNV8T4
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
Remcos
-
take_screenshot_option
false
-
take_screenshot_time
5
-
take_screenshot_title
wikipedia;solitaire;
Targets
-
-
Target
0688a1a170b1ceb77f9debaac0c3bb79a074fa449afae2644007286af5155643
-
Size
910KB
-
MD5
e96aa966dbb7f91fdcde9d5c5dc4f730
-
SHA1
f24ba1e229a9230f8417b20678ff0991034271d1
-
SHA256
0688a1a170b1ceb77f9debaac0c3bb79a074fa449afae2644007286af5155643
-
SHA512
5fe6ea82d1576010936fbd58a1e1c9fdc4c6ababa940bd8e100b5542119e1f3622d790d7e4f35b6293246d8620f9eb503f2aa20c6a09fc904510696fc9ab8726
-
SSDEEP
12288:cvI/SRZe0WFIQ38UWtwn/8vprceJz5Roy59N7axbIeYPG48SLuk8A1CdY5mQPmdp:cQ3SQ3XWtwn/8vB99mDkeyYQPE29K3
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
ModiLoader Second Stage
-
Executes dropped EXE
-
Loads dropped DLL
-