General
Target: 9d478706088dbb8d5dd3a0a5929fb1ac.dat
Size: 1.2MB
Sample: 230521-ps5lgaab78
MD5: 9d478706088dbb8d5dd3a0a5929fb1ac
SHA1: 6477a5b6881069a1adc79e4f4d8b81441b50b9f9
SHA256: 672d0d85144697e90d3d1e2c22d1a12c05085838c7f71a4973593400bddbe92d
SHA512: 427a66c62fb9ec5a5d906c44d5973512a8b6a59935b528c80053cbd4459c79f01feb449d11258a005439737bfc8dbbcac46446d4dc544533cb6b033c14c89c0a
SSDEEP: 12288:ZwU+YPHr4rE/NZYAVM6Gw3F7NeiugicyPjDjPVRnR11qb:ZlB/YNpw17NNugihDDPRXqb
Static task: static1
Behavioral task: behavioral1
  Sample: INVOICE_.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: INVOICE_.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: remcos 1.7 Pro
Host:
- churchboy2.ddns.net:2404
- churchboy9.ddns.net:2404
- churchboy19.ddns.net:2404
audio_folder: audio
audio_path: %AppData%
audio_record_time: 5
connect_delay: 0
connect_interval: 5
copy_file: remcos.exe
copy_folder: remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
install_path: %AppData%
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: jhgcos
keylog_path: %AppData%
mouse_option: false
mutex: peoyqijw
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screens
screenshot_path: %AppData%
screenshot_time: 1
startup_value: remcos
take_screenshot_option: false
take_screenshot_time: 5
Targets
Target: INVOICE_.EXE
Size: 691KB
MD5: 8127e66425f32e91d5f8c2a886ac7ba3
SHA1: 1ecf360af1fec8126558c99b9ce57da037a948a6
SHA256: 9c17a5f35030aefa2086fdf89a91d113d66f98ad3d6abdf2fdf8512d8514ad3b
SHA512: 55ff6332db7f4b2056a82e6ff35087f7ba92077e563cc5cccc7ec10f83bd710de2894beded617765095b5d67d00c0ec631445f9d32204226b85ca63dcc8574bd
SSDEEP: 12288:kwU+YPHr4rE/NZYAVM6Gw3F7NeiugicyPjDjPVRnR11qb:klB/YNpw17NNugihDDPRXqb
Score: 10/10
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Adds Run key to start application