Resubmissions

05-04-2024 17:34

240405-v5s14aae96 10

05-04-2024 17:30

240405-v29vfaaa3w 10

General

  • Target

    RemBuild.exe

  • Size

    483KB

  • Sample

    240405-v5s14aae96

  • MD5

    969cc7009c2bfae610c9f03fb1b62b6a

  • SHA1

    fd4f4467cff9873582038665bfc2da97b5c7c6a2

  • SHA256

    b6fa0443564d16a046341addae783cdd610aa5eace7135153c141eda7dc7fa64

  • SHA512

    c080a1f6ffa0ff4991cce29f49e6e5c717d8bd99e0d5c1ee35ce68aa9780093130c3f0f15af67f53399759401d9889c28473c377f2b253b69ad9c5ec2ca01313

  • SSDEEP

    6144:WXIktXfM8Lv86r9uVWAa2je4Z5zl4hgDHQQs4NTQjoHFsAOZZDAXYcNS5Gv:WX7tPMK8ctGe4Dzl4h2QnuPs/ZDXcv

Score
10/10

Malware Config

Extracted

Family

remcos

Botnet

RemoteHost

C2

127.0.0.1:2404

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    Rmc-02BD5R

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Targets

    • Target

      RemBuild.exe

    • Size

      483KB

    • MD5

      969cc7009c2bfae610c9f03fb1b62b6a

    • SHA1

      fd4f4467cff9873582038665bfc2da97b5c7c6a2

    • SHA256

      b6fa0443564d16a046341addae783cdd610aa5eace7135153c141eda7dc7fa64

    • SHA512

      c080a1f6ffa0ff4991cce29f49e6e5c717d8bd99e0d5c1ee35ce68aa9780093130c3f0f15af67f53399759401d9889c28473c377f2b253b69ad9c5ec2ca01313

    • SSDEEP

      6144:WXIktXfM8Lv86r9uVWAa2je4Z5zl4hgDHQQs4NTQjoHFsAOZZDAXYcNS5Gv:WX7tPMK8ctGe4Dzl4h2QnuPs/ZDXcv

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks