General

  • Target

    Loops for ACID - The Fish Heads - Techno Synth Loops I.zip

  • Size

    1.7MB

  • Sample

    230614-hcpfzsdg5x

  • MD5

    bf198d2e336ab5eb6c00e164dc2742c4

  • SHA1

    4f2b1cf6104a57c0d4f453cae94f19fd52e9f997

  • SHA256

    13dd11b3e53b4f4def0c6001cc53f4f045da686b185d8b0173596183e4304337

  • SHA512

    e519d22a5d8e1eef18b75489bd6804137059118c3ede4f4b68fda7df923d9773f9df435727e89c949184bcbb0fce4f5d3425d9f907851a4768ced3192f5d7c81

  • SSDEEP

    24576:qPWaUHkWeRD18HtWsAIMnRnIoV+fvdEUkjLrczYaeMUkkBWxmOaacfuk76Ck7mYO:g1UEQHfMRnpV+NaPrczY/ekYaZiRW5

Malware Config

Extracted

  • Family

    remcos

  • Version

    2.4.7 Pro

  • Botnet

    USENET

  • C2

    ctbcbk.us:2404

Attributes

  • audio_folder

    MicRecords

  • audio_path

    %AppData%

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    sjn7z137u8193.exe

  • copy_folder

    j7u82jio1

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • install_path

    %AppData%

  • keylog_crypt

    true

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    rem

  • keylog_path

    %AppData%

  • mouse_option

    false

  • mutex

    USE72s-DE7MR0

  • screenshot_crypt

    false

  • screenshot_flag

    true

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • startup_value

    shuu821k23k

  • take_screenshot_option

    true

  • take_screenshot_time

    5

  • take_screenshot_title

    electrum;wallet;bitcoin;crypto;exodus;bitcoin wallet;ethereum;advcash;authy;google authenticator

Targets

    • Target

      Loops for ACID - The Fish Heads - Techno Synth Loops I.exe

    • Size

      1.7MB

    • MD5

      174186df70e4b6a5954b8e83d9b9c0ae

    • SHA1

      4d8147d8be5e02e62bf6bce97847899a51175c63

    • SHA256

      150aeb0ee665a8563dcd2a54ce11d4afa1ef4afd58b3ccd174de2e48279a3dea

    • SHA512

      c1f2986d270d6aa39e874b9acad2054ffedae8db09d1e3a5adc5d3d39b20942ac29d6547c7cad0e2b6e045756b665d5de47067879bc2d0b2117bc64e0528c735

    • SSDEEP

      24576:MvWQq7wCeR71MJtcYAe4nJn+InCfvnEUujLr6zOaeyUgC3W3UIKac3ucFSkkNMYL:Ulq0gJx4JnhnCX0Pr6zO/ICEKzqHcc

    • Modifies WinLogon for persistence

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6