General

  • Target

    text5.zip

  • Size

    258KB

  • Sample

    231212-tj5x4aheh7

  • MD5

    415028e8f9e2363db1c4db0c93551e94

  • SHA1

    56a2b8a86ffdbaced2a948f5d616d2d3cafc0b5a

  • SHA256

    dfe9af457bdd92ee844a8ea313f6c04d10f6d53c62fa42f395b3da803fa0ca9b

  • SHA512

    f0390672da5626280f8ea0223a45b30e4a31021725a3d36f312b42bf428c5435cb440eaaa65badfffdd5d0d41c74214dc91ee44494ab548fa95006ef794df429

  • SSDEEP

    6144:TNIPAZFpuuBBv4y762HTsbchFVxD6dEEyuB/kEh5l5ECrs30+A:REAZF9LvVu2zAcHVxDZyBsE5lIkn

Score
10/10

Malware Config

Extracted

  • Family

    remcos

  • Botnet

    RemoteHost

  • C2

    rdm.accesscam.org:8080

Attributes

  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    Rmc-2OASEE

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Targets

    • Target

      text5.exe

    • Size

      483KB

    • MD5

      d1730eb57f42aa499a0f39f4564d0d5c

    • SHA1

      d48d38c4bdf637cf044c4cde6dfd983c4e1bdbc9

    • SHA256

      30c8023ef8f090852820c238cd3195c695ed12fbb638d352708f337556dc341f

    • SHA512

      fd5471d0aac7d6aa5addb83c3a1c42bf7dc4d0c32dbc0c22e28aff411b124dede19323eb723d1c3d8376ce9da41c5b4eac523d5217a979b3e3c6c4d186398911

    • SSDEEP

      6144:C/7iPrcL3ArwhBq7Kjsn9iHGXg0lwGS9MNNhdFvPxps9gsAOZZuAXec7Z7ov:C/uPq3AfK496Gw0lwGXN3pvs/Zu08v

    Score
    1/10

MITRE ATT&CK Matrix

Tasks