General
Target: Purchase_Order_11073530.pdf.html
Size: 1.2MB
Sample: 240417-ha1q8she6w
MD5: 713a11c7c48de78720464658b4886df5
SHA1: 7ecdc91c4c4a575fd32dbf18a9151beb7cb74778
SHA256: 904fe8dc88503abd6da4f6c6a5286a59b28519cd8b92ecc89068e7d06a712a1a
SHA512: 08db144d1703eb9ad84b7f71b9237fef4084cd12ce51495007ea8cf9be0cdf8c702d5b2966e6f0e345d1d469e3f155496ad6086bef8c92b83157cc332d7c094d
SSDEEP: 24576:iX/y58tPdFM3u+xlY9UPoz+U8i4D8Kt4UnS7/s8RuyK:wp5eUKt9n8k
Static task: static1
Behavioral task: behavioral1
    Sample: Purchase_Order_11073530.pdf.html
    Resource: win7-20240221-en
Behavioral task: behavioral2
    Sample: Purchase_Order_11073530.pdf.html
    Resource: win10v2004-20240412-en
Malware Config
Extracted: remcos
RemoteHost: nessn.duckdns.org:1984
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: nnws
mouse_option: false
mutex: Rmc-D1LYYC
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
take_screenshot_option: false
take_screenshot_time: 5
Targets
Score: 10/10
ModiLoader, DBatLoader
    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
ModiLoader Second Stage
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Drops file in System32 directory