General
Target: 11042024_2103_11042024_099920918271827.zip
Size: 410KB
Sample: 240411-qaw22sca44
MD5: 363bec3ceac0f2cf8aa3ea4a7d28695c
SHA1: dbd974d4896c62eefada52a7dde45a0906d29579
SHA256: 1f596e6501e1d95c29f80c9bbb4303746be62877626b558044b1f1421c1abf25
SHA512: bbf5667a5945ae40bb65307bef04d5a674d100ecad0ab0adc19ebad48c9ddb3c2df1a9032ce1ad87f87871f34dba5604bd429233526f66b01685997de57b9f2b
SSDEEP: 12288:DU2oJcAr43cNAeawI3PnhNGNT3B+/J2Hh:DJocA0rLvhNGN1+AB
Static task: static1
Behavioral task: behavioral1
  Sample: 099920918271827.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 099920918271827.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted: remcos
RemoteHost: page4work.mywire.org:5020
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: sjype.exe
copy_folder: skype
delete_file: true
hide_file: true
hide_keylog_file: false
install_flag: true
install_path: %WinDir%\System32
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Rmc-H3YHZ8
screenshot_crypt: false
screenshot_flag: true
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
take_screenshot_option: false
take_screenshot_time: 5
Targets
Target: 099920918271827.exe
Size: 932KB
MD5: 2859880cacffe0f22132b768e1354544
SHA1: efcc8c662c08e7bf418ce62e8da638749ec4d3fe
SHA256: 3e47005361fcb7d521a6a0bda91114651b38e2bd93f25ec1d9af3a6894ae986c
SHA512: 4992958d1f22ad5708405c0faac632afa10f0dc3712cd3df3c5f87b26a12016ff47f9c4793ca97b8ed7b3a1ffa3433007ab0fc8b62865186ad91d1a880250ebd
SSDEEP: 12288:GQFabixbJKUhs9RPDL4LZdcwzX2Hs/05fVxNKCJ8itDSC/R+Cm4huh:GoWyJKUhs9xLcTQHjdACJ8ixSKRbu
Score: 10/10
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory