General

  • Target: 88621ae4a26129a6043d8ce76550b766840784af1516b45d7cafefb4a8a85c16.zip
  • Size: 529KB
  • Sample: 230308-ngwnrafd7z
  • MD5: f83f41de20061fdf7084a31a07fc81f8
  • SHA1: fd01fc855a3d23259fcc0c13d857c013772ef5e5
  • SHA256: 24c703c4dd50f019ecc8d261702a339ea8bb5f83d8187228ea561a320568c9a7
  • SHA512: ed59f0eda751b55f12b6cdcd706fc98cceba2f13816ac0278d4a8f59e6409e2ab4fa583da52984a2d1c6a7ea97c4c7d5dd7eeee6d28c674237340ee682cabd45
  • SSDEEP: 12288:MqKQ4gRU1Loih2C271ug5EEddDPZySRCf6XfJDf6:MqKcmc3Cez53rRC0fJDf6

Score: 10/10

Malware Config

Extracted

  • Family: remcos
  • Botnet: machie
  • C2: logzhome.mywire.org:2404

Attributes

  • audio_folder: MicRecords
  • audio_record_time: 5
  • connect_delay: 0
  • connect_interval: 1
  • copy_file: remcos.exe
  • copy_folder: Remcos
  • delete_file: false
  • hide_file: false
  • hide_keylog_file: false
  • install_flag: false
  • keylog_crypt: false
  • keylog_file: logs.dat
  • keylog_flag: false
  • keylog_folder: remcos
  • mouse_option: false
  • mutex: Rmc-QI94R6
  • screenshot_crypt: false
  • screenshot_flag: false
  • screenshot_folder: Screenshots
  • screenshot_path: %AppData%
  • screenshot_time: 10
  • startup_value: Remcos
  • take_screenshot_option: false
  • take_screenshot_time: 5

Targets

    • Target: rooming list.exe
    • Size: 300.0MB
    • MD5: 16500be6641b3826354c8a2c8bc42a3e
    • SHA1: b557c2d8036db807611414891523eb09318d7630
    • SHA256: e4a386d2f0204e9f58187dcd4ea1d0670bc5369fbbb5b60056090441348368b2
    • SHA512: 4b1422be191b6fc7884ae131da1044b01ee6fec73f8390995e644f114281c072cf1b0c41a08c9b39b9ae4577ada2a33842caf632d52184e1eeb5525728bf1bff
    • SSDEEP: 12288:YvCEz4cRx+MHXCa/TaBCT0v+yAQqjLzy/xXpurm+:YdEHSC8WB00vlAQqH+/lpu7

    Score: 10/10

    Signatures
    • Remcos: Remcos is closed-source remote control and surveillance software.
    • Executes dropped EXE
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6