ConsoleApp2.exe

General
Target: ConsoleApp2.exe
Size: 38KB
Sample: 211021-nsvwlaaca8
Score: 10/10
MD5: 6b0c8dc28ebc349b2b360dc92f2b6ed2
SHA1: f9491e07725f29e5852c501f99c87319ca5b1201
SHA256: ec3d28f2132d699e7efe8ee2139e3df6fde94e8859402bec216f17d0e55b0bfc
SHA512: 8febb5532529cc43215f75926b5c03cbdc63f04b3f5dabdf18453071cf5cc2a56c874f083ec94720044d1937d7eaba037b2de657952f1675d907794a7e37c29e

Malware Config

Extracted

Family: remcos
Version: 3.3.0 Pro
Botnet: Grace2
C2: orozco-fax.home-webserver.de:8932

Attributes

audio_folder: MicRecords
audio_path: %AppData%
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: iouyts.exe
copy_folder: iuyt
delete_file: false
hide_file: false
hide_keylog_file: true
install_flag: false
install_path: %AppData%
keylog_crypt: true
keylog_file: 6yuigs.dat
keylog_flag: false
keylog_folder: oiuyt
keylog_path: %AppData%
mouse_option: false
mutex: jhgfiuyt-QMLKNN
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
startup_value: poiuy
take_screenshot_option: false
take_screenshot_time: 5
take_screenshot_title: notepad;solitaire;
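The extracted config above is only useful if it is turned into something a responder can hunt with. The following is an added example, not the sandbox's code and not part of the sample: it copies the config values from this report into a dict, splits the file artifacts into ones the sample creates under its current flags and ones that appear only if the operator flips the feature on, and runs the resulting indicators over a few constructed telemetry records. The flag semantics it relies on (install_flag gating the copy to install_path and the startup_value entry, keylog_flag gating the offline keylog file, screenshot_flag gating the screenshot folder) are an assumption drawn from the common Remcos feature set; this page does not state them. SAMPLE_EVENTS is constructed, not output of the behavioral tasks.

```python
"""Hunt indicators derived from the extracted Remcos config above.

Added example for this report; it is neither the sandbox's code nor part of
the sample. The config values are copied from the "Malware Config" section.
The flag semantics are an ASSUMPTION drawn from the common Remcos feature set
(install_flag gates the copy to install_path and the startup_value entry,
keylog_flag gates the offline keylog file, screenshot_flag gates the
screenshot folder); the report itself does not state them. SAMPLE_EVENTS is
constructed telemetry, not output of the behavioral tasks.
"""
from __future__ import annotations

REMCOS_CONFIG = {
    "c2": ["orozco-fax.home-webserver.de:8932"],
    "mutex": "jhgfiuyt-QMLKNN",
    "install_flag": False,
    "install_path": "%AppData%",
    "copy_folder": "iuyt",
    "copy_file": "iouyts.exe",
    "startup_value": "poiuy",
    "keylog_flag": False,
    "keylog_path": "%AppData%",
    "keylog_folder": "oiuyt",
    "keylog_file": "6yuigs.dat",
    "screenshot_flag": False,
    "screenshot_path": "%AppData%",
    "screenshot_folder": "Screenshots",
    "take_screenshot_title": "notepad;solitaire;",
}


def parse_c2(entry: str) -> tuple[str, int]:
    """Split a 'host:port' C2 entry; reject empty hosts and bad ports."""
    host, sep, port = entry.rpartition(":")
    if not sep or not host or not port.isdigit():
        raise ValueError(f"malformed C2 entry: {entry!r}")
    port_num = int(port)
    if not 1 <= port_num <= 65535:
        raise ValueError(f"port out of range in C2 entry: {entry!r}")
    return host.lower(), port_num


def derive_indicators(cfg: dict) -> dict:
    """Split file artifacts into ones the sample creates under its current
    flags and ones that appear only if the operator enables the feature.
    Paths are kept relative to the configured base folder (%AppData%) so they
    can be matched on any host regardless of where the user profile lives."""
    gated = [
        # (flag, label, path relative to the configured base folder)
        (cfg["install_flag"], "install copy", "\\".join([cfg["copy_folder"], cfg["copy_file"]])),
        (cfg["keylog_flag"], "offline keylog", "\\".join([cfg["keylog_folder"], cfg["keylog_file"]])),
        (cfg["screenshot_flag"], "screenshot folder", cfg["screenshot_folder"]),
    ]
    return {
        "c2": [parse_c2(e) for e in cfg["c2"]],
        "mutex": cfg["mutex"],
        "active_paths": [(label, path) for on, label, path in gated if on],
        "dormant_paths": [(label, path) for on, label, path in gated if not on],
        "window_titles": [t for t in cfg["take_screenshot_title"].split(";") if t],
    }


def match_events(ind: dict, events: list[dict]) -> list[str]:
    """Run the indicators over telemetry records and return one hit per match.
    Paths are matched case-insensitively on the tail below %AppData%.
    Dormant paths are still matched: the operator can switch those features
    on from the C2 after infection, so a hit on them is not a false positive."""
    c2_ports = dict(ind["c2"])
    tails = [(label, "\\" + path.lower()) for label, path in ind["active_paths"] + ind["dormant_paths"]]
    hits = []
    for ev in events:
        kind = ev["type"]
        if kind == "dns" and ev["query"].lower() in c2_ports:
            hits.append(f"dns query for C2 host {ev['query']}")
        elif kind == "connect" and c2_ports.get(ev["host"].lower()) == ev["port"]:
            hits.append(f"connection to C2 {ev['host']}:{ev['port']}")
        elif kind == "mutex" and ev["name"] == ind["mutex"]:
            hits.append(f"mutex {ev['name']}")
        elif kind == "file_create":
            for label, tail in tails:
                if tail in ev["path"].lower():
                    hits.append(f"file {ev['path']} ({label})")
    return hits


# Constructed telemetry for illustration; not taken from the behavioral tasks.
SAMPLE_EVENTS = [
    {"type": "dns", "query": "orozco-fax.home-webserver.de"},
    {"type": "connect", "host": "orozco-fax.home-webserver.de", "port": 8932},
    {"type": "mutex", "name": "jhgfiuyt-QMLKNN"},
    {"type": "file_create", "path": "C:\\Users\\alice\\AppData\\Roaming\\oiuyt\\6yuigs.dat"},
    {"type": "file_create", "path": "C:\\Users\\alice\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\x.dat"},
]

if __name__ == "__main__":
    for hit in match_events(derive_indicators(REMCOS_CONFIG), SAMPLE_EVENTS):
        print(hit)
```

With this build's flags all false, every file path ends up in the dormant bucket and the only artifacts the sample must leave are the mutex and the C2 traffic; the mutex name and the C2 host:port are therefore the indicators to pivot on first, with the %AppData% paths kept as lower-confidence hunts.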
Targets

Target: ConsoleApp2.exe
MD5: 6b0c8dc28ebc349b2b360dc92f2b6ed2
Filesize: 38KB
Score: 10/10
SHA1: f9491e07725f29e5852c501f99c87319ca5b1201
SHA256: ec3d28f2132d699e7efe8ee2139e3df6fde94e8859402bec216f17d0e55b0bfc
SHA512: 8febb5532529cc43215f75926b5c03cbdc63f04b3f5dabdf18453071cf5cc2a56c874f083ec94720044d1937d7eaba037b2de657952f1675d907794a7e37c29e
Signatures

  • Remcos

    Description

    Remcos is closed-source remote control and surveillance software.

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext (setting the context of a thread in another process is the usual final step of process hollowing; check the behavioral tasks for the target process)

MITRE ATT&CK Matrix

Tactic columns (no techniques are listed on this page): Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1
behavioral1: 10/10
behavioral2: 10/10