General
Target: 620_0bb26d35c23eefc1d1274cc6a329cb80b6b2a1c34544be449d543ab54c7e5543.zip
Size: 1.2MB
Sample: 240131-hffm9aeac4
MD5: b48641b1a1fa7e16a05695a1dda2f38d
SHA1: 1de03efd4bcdfdbf121efe1cf07900e247048bda
SHA256: db693fba3af8102e30e24e41f674280a6791360868ee5f6d9dec373644c4df18
SHA512: ffdb4f4505619d316c8a446cd25e82042e288025c7f3541c58f19f097ff8520ca0f610254db94f0aa2f714976a7f7021f446e03cd1755547ad4371862a8c8a24
SSDEEP: 24576:/lg4bN2IOLplTc04s/U9mDMBhknTFdLbraZYnTJJJvMi1ugqVh8vxG6uDE:qJIOL/Tc04X9eMBhkn3LbrFbei1u9CxZ

Static task: static1
Behavioral task: behavioral1
Sample: 0bb26d35c23eefc1d1274cc6a329cb80b6b2a1c34544be449d543ab54c7e5543.exe
Resource: win10-20231215-en
Malware Config
Extracted: remcos
Crypted
C2 hosts:
172.206.61.17:55642
172.206.61.17:55746
172.206.61.17:55867
172.206.61.17:55733
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: true
install_flag: false
keylog_crypt: false
keylog_file: cocs.dat
keylog_flag: false
keylog_path: %UserProfile%
mouse_option: false
mutex: yumaos-LF3MUZ
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
startup_value:
take_screenshot_option: false
take_screenshot_time: 5
Targets
Target: 0bb26d35c23eefc1d1274cc6a329cb80b6b2a1c34544be449d543ab54c7e5543
Size: 2.0MB
MD5: ebbdf54edef4a90dcfc6ec11e8eeddbb
SHA1: 06a846b87c073e398876e12ad4c28648395d3fc2
SHA256: 0bb26d35c23eefc1d1274cc6a329cb80b6b2a1c34544be449d543ab54c7e5543
SHA512: dc05aeba04e62afc26fb84416c12da64b7e4d95b7b8e8f33f46feaf386d54269f4e75594b17520527d9ea925c3d25ee23264c720b15bd22ee3f6b042d09a0b59
SSDEEP: 49152:pqAodhXjnxf2hd7c7mvrq0gOPoaF5P0R:pqAo2hd7Ymu0gO5uR
Score: 10/10

Signatures
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
ModiLoader Second Stage
Creates new service(s)
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application

MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
  Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
  Windows Service (1)