General
- Target: a47cff2825b81ebb3fd73114f85c07dc329fb276553bced4073284268b9a466c.exe
- Size: 1.0MB
- Sample: 240327-c2pkdsdg6w
- MD5: 17be48158d8577d888c1f248f2e7276e
- SHA1: 516f672258bc7d1e27f0f6a27b2e9fdd89ebc35d
- SHA256: a47cff2825b81ebb3fd73114f85c07dc329fb276553bced4073284268b9a466c
- SHA512: b14e4b6eebff1af98de7753a51419a9dfc5b001d8c5ea189a94dcd6f23690502f6f0c023db41d3f39e7f5499f6b1d067acde000d5f286bdc544637234e73fa5f
- SSDEEP: 24576:zedR2jASc+UXeVlQ5MZivl+tmj2phn4RCfZ+k27/pveGwi:zeIc+4kQOQ9qmj2ph4vk2Nmhi
Static task
- static1
Behavioral tasks
- behavioral1: Sample a47cff2825b81ebb3fd73114f85c07dc329fb276553bced4073284268b9a466c.exe, Resource win7-20240221-en
- behavioral2: Sample a47cff2825b81ebb3fd73114f85c07dc329fb276553bced4073284268b9a466c.exe, Resource win10v2004-20240226-en
- behavioral3: Sample Stemningsmenneskerne/Benediktion/Acatery/Debrief.ps1, Resource win7-20240221-en
- behavioral4: Sample Stemningsmenneskerne/Benediktion/Acatery/Debrief.ps1, Resource win10v2004-20240319-en
Malware Config
Extracted: remcos
Special
- audio_folder: MicRecords
- audio_record_time: 5
- connect_delay: 0
- connect_interval: 1
- copy_file: remcos.exe
- copy_folder: Remcos
- delete_file: false
- hide_file: false
- hide_keylog_file: true
- install_flag: false
- keylog_crypt: false
- keylog_file: lonjoup.dat
- keylog_flag: false
- keylog_path: %AppData%
- mouse_option: false
- mutex: lpereits-FZGND0
- screenshot_crypt: false
- screenshot_flag: false
- screenshot_folder: Screenshots
- screenshot_path: %AppData%
- screenshot_time: 10
- startup_value:
- take_screenshot_option: false
- take_screenshot_time: 5
Targets

Target: a47cff2825b81ebb3fd73114f85c07dc329fb276553bced4073284268b9a466c.exe
- Size: 1.0MB
- Score: 10/10
- Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
Target: Stemningsmenneskerne/Benediktion/Acatery/Debrief.Erh
- Size: 60KB
- MD5: 8a020d056888bc2e76f410b15cd74c0d
- SHA1: fdc2db0e49f4d6a53cb50dd635ce4a9eb4d7d386
- SHA256: f14119ff33304d57e1134e84bc80b3f210f3b86cb79c38d28bc170eef0706ca5
- SHA512: b9aae55d87a635537fc3c9b298e8ad8efb1e0239244b997465a28dbca689c2f5d52c9e9feaa9ade242558344c057c503a892d5d9542bc53075e12e7d36962d10
- SSDEEP: 768:pw6Z+CB0+E5YTbPbM2+AJDBl/7NIcepwjuOIAcR7HfJxpNDrkeGm8+4M6BbvsLGh:plZKzYXA2r4wKOGzXHDrQeLGCoFn
- Score: 8/10
- Modifies Installed Components in the registry