Pesanan baru _WJO-001 .pdf.exe

General

Target: Pesanan baru _WJO-001 .pdf.exe
Size: 632KB
Sample: 210914-gpx38afad5
Score: 10/10
MD5: bf6a798b660cf0bb29c71851f99ee5b1
SHA1: 384a8ce3aa42497dc25f792c26c16b6bbcc7fc7d
SHA256: 3db6f9eeae032f4946fd5aa5816524f0fcfd4187f4e781721bad0bd16aa48067
SHA512: 7209aa7206585a591105270db3037dc292bdca4aa6e44f2a7a832ecb75489f2a55c23a6281091227a63abdd884fd52c444d1cb99bf1c355de05c91990edb9a1f

Malware Config

Extracted

Family: remcos
Version: 2.7.2 Pro
Botnet: XXXXXX
C2: wealthgod456.ddns.net:4479

Attributes

audio_folder: MicRecords
audio_path: %AppData%
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
install_path: %AppData%
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
keylog_path: %AppData%
mouse_option: false
mutex: Remcos-QSXTII
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
startup_value: Remcos
take_screenshot_option: false
take_screenshot_time: 5
take_screenshot_title: wikipedia;solitaire;
Targets

Target: Pesanan baru _WJO-001 .pdf.exe
MD5: bf6a798b660cf0bb29c71851f99ee5b1
Filesize: 632KB
Score: 10/10
SHA1: 384a8ce3aa42497dc25f792c26c16b6bbcc7fc7d
SHA256: 3db6f9eeae032f4946fd5aa5816524f0fcfd4187f4e781721bad0bd16aa48067
SHA512: 7209aa7206585a591105270db3037dc292bdca4aa6e44f2a7a832ecb75489f2a55c23a6281091227a63abdd884fd52c444d1cb99bf1c355de05c91990edb9a1f

Tags

Signatures

  • Remcos

    Description

    Remcos is a closed-source remote control and surveillance software.

    Tags

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation

Tasks

  • static1
  • behavioral1: 10/10
  • behavioral2: 10/10