General
-
Target
ref_00291882384892.Tar
-
Size
4.3MB
-
Sample
240422-kxavfahg7t
-
MD5
c8fdfa945b7dc102ca8f87517b9ba689
-
SHA1
fef870465c320eca6244087e747afb1a236a3cb1
-
SHA256
9cf9c777a12e0620c1983d5e1790d6957bb3a713c6d5b569334fe18b99df0870
-
SHA512
e553670df986ccd8e2a3a5122836b53389d347fe77af5c80247098a17d86c8c0634140f378ff8ba960ecd5f9115e15cede75aff6d6d467ba903330ba9803fdf5
-
SSDEEP
49152:THZjpt3K90OHGHS/jltrYcZ4t6CgGP9KUJM0tDNm5Rg4/VuqK1BdeW9e6X:p
Malware Config
Extracted
remcos
Future2025
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
true
-
install_flag
false
-
keylog_crypt
true
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remi
-
mouse_option
false
-
mutex
Rmc-RFUXJL
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
ref_00291882384892.CMD
-
Size
4.3MB
-
MD5
23f87d5ed3ef12efda90bf6ba82e2bd6
-
SHA1
ec451f0de91170a6702547159ef9d189c85d1018
-
SHA256
c3cffa55b7f7c7f80dd9302c3796b7bce79102ae75e4592d84d165aadf9c0743
-
SHA512
d849eccfe99697ebeb058f7817af13873e3eeb73fcb78ad8eeb5a6fec89b269533a6e296d53625e69546fce6e0e6942ebe8cb08f5db0a5aadaad3ff23719cd53
-
SSDEEP
49152:fHZjpt3K90OHGHS/jltrYcZ4t6CgGP9KUJM0tDNm5Rg4/VuqK1BdeW9e6P:9
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
ModiLoader Second Stage
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-