guloader | 75ef5c2c26d3ccc5719073b3a6f2e1a3124843ef91bf5b65f7afdab4a90f9d8d | Triage

Submit
Reports

Overview

overview

Static

static

3

75ef5c2c26...8d.exe

windows11-21h2-x64

Sharing

General

Target

75ef5c2c26d3ccc5719073b3a6f2e1a3124843ef91bf5b65f7afdab4a90f9d8d.exe
Size

474KB
Sample

240129-jla6dsefbn
MD5

25ba729a1538d68ad33fe36ca0548181
SHA1

1f87157d8d29b9d40b0e1ad6eb4617ba684c8f1a
SHA256

75ef5c2c26d3ccc5719073b3a6f2e1a3124843ef91bf5b65f7afdab4a90f9d8d
SHA512

86816fb6b3157e397a43828fcdc8dd7c0488ad7e634c49ecd13c12e28c0a88872f40c50287a4a01200638906a6781c6a38f6349374dc91b3c3c6f1ba5dfefbf9
SSDEEP

12288:6a7r+1Jt7W+FFqQ5xrW2nPD4EdaMAboDO:Fr+1T7W+7q+CCP8DqO

Score

10^/10

guloader remcos 2024 collection downloader persistence rat spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

75ef5c2c26d3ccc5719073b3a6f2e1a3124843ef91bf5b65f7afdab4a90f9d8d.exe

Resource

win11-20231215-en

guloader remcos 2024 collection downloader persistence rat spyware stealer

windows11-21h2-x64

20 signatures

300 seconds

Malware Config

Extracted

Family

remcos

Botnet

2024

C2

72.11.158.94:1604

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
vexplorers.exe
copy_folder
vexplorers
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
true
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-800RNZ
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  75ef5c2c26d3ccc5719073b3a6f2e1a3124843ef91bf5b65f7afdab4a90f9d8d.exe
- Size
  
  474KB
- MD5
  
  25ba729a1538d68ad33fe36ca0548181
- SHA1
  
  1f87157d8d29b9d40b0e1ad6eb4617ba684c8f1a
- SHA256
  
  75ef5c2c26d3ccc5719073b3a6f2e1a3124843ef91bf5b65f7afdab4a90f9d8d
- SHA512
  
  86816fb6b3157e397a43828fcdc8dd7c0488ad7e634c49ecd13c12e28c0a88872f40c50287a4a01200638906a6781c6a38f6349374dc91b3c3c6f1ba5dfefbf9
- SSDEEP
  
  12288:6a7r+1Jt7W+FFqQ5xrW2nPD4EdaMAboDO:Fr+1T7W+7q+CCP8DqO
Score

10^/10

guloader remcos 2024 collection downloader persistence rat spyware stealer
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Adds Run key to start application
  persistence
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

guloaderremcos2024collectiondownloaderpersistenceratspywarestealer

© 2018-2024

Terms | Privacy