General
Target: eac95a52ac634d3ea75387201a2c749c.bin
Size: 1.2MB
Sample: 240405-cdbnmahh46
MD5: 67741965ecf15044427d45d085cab05c
SHA1: 85f6f3ef0346d4d5bd12e5d8c2feda16e9921dc1
SHA256: e53f9093901d793921b102b1cae2d87b2cf71c70e6995d2baabdb17190d33266
SHA512: f22edd066cf68eebdeb04d5c8b02fb2a41df976f7ccc11f814cbf1adccda10e8480a002fdff9d52ef059bd31c79f2a21669f04db8e00564f7426021c8598f455
SSDEEP: 24576:givO2Fietz5Dv4eMGc1UmTZEUpcbqO0De59fKCTeyR3TVhChQvk:giFFPtzF47ZEUUqhDoXTtRJh9k
Static task: static1
Behavioral task: behavioral1
Sample: f7f1798e3d66880f2cb35f6764a1c32902abb3ce7ceafe0bc049496ca9161e63.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: f7f1798e3d66880f2cb35f6764a1c32902abb3ce7ceafe0bc049496ca9161e63.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted family: remcos
RemoteHost:
127.0.0.1:45671
127.0.0.1:55677
192.3.101.8:55677
192.3.101.8:45671
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Rmc-2P1XPK
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
take_screenshot_option: false
take_screenshot_time: 5
Targets
Target: f7f1798e3d66880f2cb35f6764a1c32902abb3ce7ceafe0bc049496ca9161e63.exe
Size: 1.6MB
MD5: eac95a52ac634d3ea75387201a2c749c
SHA1: e808ef56d1b382b1e01e16af299a548cb038f52c
SHA256: f7f1798e3d66880f2cb35f6764a1c32902abb3ce7ceafe0bc049496ca9161e63
SHA512: 6ae5883a1cb8aaa42abc0c8bbfeba2715086ec39ad2028937600b2c925b3093070a72531e4e5abf2d4dafb00bcbab8c2fd5f97aae590dd87645befc27701d346
SSDEEP: 49152:ay6imwGhfj4GBT2z95Zw/L+gwnzFnwyuPTh:azimw4f8iSuD+g
Score: 10/10
Signatures
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
ModiLoader Second Stage
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application