Overview

overview

10

Static

static

Remcos Pro...22.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Remcos Professional Cracked By Alcatraz3222.zip

  • Size

    17.3MB

  • Sample

    220828-tyedpachc8

  • MD5

    ea3fd7407073aae0205a02f10c1f826f

  • SHA1

    aeb5a674da5bbdea4e1b42470e6e059b730b88a6

  • SHA256

    bdb96b7a1a75fa4f56d1b1f922d80f029c12df21df49cbbfd1f2a3175d604195

  • SHA512

    bf69f80a585eed54b599cb5adf285ca0576650b275daef6e502eae2d564906950cb4a13821b67325bc1c2ba0ca6436401f562c279cc42d3590e0f8becfec028f

  • SSDEEP

    393216:2+Y8LpIcxbEWd4rSrwcJY2sG1l/TTwizV1iBLzCoa+++OvPrTy:/yMwWqrXc+G1l7TwiRI9z8++TTy

Score
10/10
njrathackedevasiontrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

dllsys.duckdns.org:3202

Mutex

3b570ffeeb3d34249b9a5ce0ee58a328

Attributes
  • reg_key

    3b570ffeeb3d34249b9a5ce0ee58a328

  • splitter

    svchost

Targets

    • Target

      Remcos Professional Cracked By Alcatraz3222/Remcos Professional Cracked By Alcatraz3222.exe

    • Size

      17.7MB

    • MD5

      efc159c7cf75545997f8c6af52d3e802

    • SHA1

      b85bd368c91a13db1c5de2326deb25ad666c24c1

    • SHA256

      898ac001d0f6c52c1001c640d9860287fdf30a648d580e9f5dd15e2ef84ab18e

    • SHA512

      d06a432233dceb731defd53238971699fef201d0f9144ee50e5dd7d6620dfdd6c298d52618bf2c9feb0519574f4565fb0177b00fd8292768fbd8b85dd11e650d

    • SSDEEP

      393216:GYuGvp8EHb+in8f4Zg41+Q4AXf5ZZcyfHDMxVpSc+q+eOFxdx:3mqSi8fN4sAXfrZcyfo7p0eYHx

    Score
    10/10
    njrathackedevasiontrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks