General

  • Target: 283fd9269a10ccbdff570c87ca0739b53f9b1cfb65309647bb6370ac3bddf5ec
  • Size: 765KB
  • Sample: 240417-q1geaabf9y
  • MD5: ea11b6f140a028c4e7269838f7d0222f
  • SHA1: 4226d136df72b818d894058ee916d966280986d3
  • SHA256: 283fd9269a10ccbdff570c87ca0739b53f9b1cfb65309647bb6370ac3bddf5ec
  • SHA512: b06014f16ef01237dbac932d5837d3bef5a5567d504b4aa194c32c206388b39774313a661c2ca527dcf155c13ac3b98019fa515f7eaf0545fc5731901ace8d9d
  • SSDEEP: 12288:R/9U2AJ6oPfNTjeJ281VV3oCUVS/eTAb5NggFC33nfwvmP0TOer8mrVH/x:R/hAJ6QN+wACv0Fb5NggFgSmP0TOG8m7

Score
10/10

Malware Config

Extracted

  • Family: remcos
  • Botnet: Admepc
  • C2: darkotemplar.sytes.net:1999

Attributes
  • audio_folder: MicRecords
  • audio_record_time: 5
  • connect_delay: 0
  • connect_interval: 1
  • copy_file: admepc.exe
  • copy_folder: Admepc
  • delete_file: false
  • hide_file: false
  • hide_keylog_file: false
  • install_flag: false
  • keylog_crypt: false
  • keylog_file: logs.dat
  • keylog_flag: false
  • keylog_folder: admepc
  • mouse_option: false
  • mutex: Rmc-SETMPC
  • screenshot_crypt: false
  • screenshot_flag: false
  • screenshot_folder: Screenshots
  • screenshot_path: %AppData%
  • screenshot_time: 10
  • take_screenshot_option: false
  • take_screenshot_time: 5

Targets

    • Target: f2fe3aa0d244d7f17610042ee41aaa3eff40b1a349b43f317ff92f6ec5b7608e.exe
    • Size: 989KB
    • MD5: 5d4a1543df1e7ee3ec6393b7f2e9435c
    • SHA1: f57d0fbb8a3c5f96486b87bfeb56c9ee140faca9
    • SHA256: f2fe3aa0d244d7f17610042ee41aaa3eff40b1a349b43f317ff92f6ec5b7608e
    • SHA512: 7e56907cc86e423bab6bc02661ca8ba7787ed5fe412a226a326a97ed115c3b9da03f2ef6ec603fcb6f2b561be31487ec252d337c68791079b0ffe85e03312e78
    • SSDEEP: 12288:ppahc5Gs5eiBq7rdlsOkbSFRUx4rbFY4Qo/g7bmGhiqZr8JqkOMbpceiLz1dl:pZci87Hs5bRkQommGQKJWpBiZ

    Score
    10/10
    • Remcos

      Remcos is closed-source remote control and surveillance software.

    • Suspicious use of SetThreadContext
