General

  • Target

    nahujtunnels.dll

  • Size

    100KB

  • MD5

    b413fee050bacbf831bc006f0414b6ca

  • SHA1

    ef6aad6bc6443f73a991724355ed74d610b1409b

  • SHA256

    6bda8394101554cfdc4f42dd2e5628f390fd09663571a8d080610aac270ff08b

  • SHA512

    fe813018c1e4a57679c2a4c13e08025715b21ff6f247aab3406d1fc0dbe1d15d3069f13a39e4b3b0b6ad4e598cc71ab3ac990c9fccaf9eb94ec967172807850c

  • SSDEEP

    3072:nhzYTGWVvJ8f2v1TbPzuMsIFSHNThy+JP/P6Ervb:nhzOv2fM13jsIFSHNT7P/P6Qvb

Score
10/10

Malware Config

Extracted

Family

remcos

Version

1.7 Pro

Botnet

Dlscord

C2

shall-someone.gl.at.ply.gg:60408

Attributes
  • audio_folder

    audio

  • audio_path

    %AppData%

  • audio_record_time

    5

  • connect_delay

    10

  • connect_interval

    5

  • copy_file

    Bin.exe

  • copy_folder

    Factorio

  • delete_file

    true

  • hide_file

    true

  • hide_keylog_file

    true

  • install_flag

    true

  • install_path

    %SystemDrive%

  • keylog_crypt

    true

  • keylog_file

    driver.dat

  • keylog_flag

    false

  • keylog_folder

    keyboard drivers

  • keylog_path

    %WinDir%\System32

  • mouse_option

    false

  • mutex

    remcos_bfpmypnbrt

  • screenshot_crypt

    true

  • screenshot_flag

    true

  • screenshot_folder

    Screen drivers

  • screenshot_path

    %WinDir%\System32

  • screenshot_time

    60

  • startup_value

    Windows.Defender

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Signatures

  • Remcos family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • nahujtunnels.dll
    .exe windows:4 windows x86 arch:x86

    d3a62971944197f0701c7049a9c739d1

