General

  • Target: f7e3d03490fce2e39245c55eedf2339a6b9d91f15e454df30445dfce8682a92b
  • Size: 265KB
  • Sample: 240417-rcmrtsah89
  • MD5: 63e0f9ac64b4cc47747497497a3fc72f
  • SHA1: f06631c3917e4128616aea9acfd5c443df8e4b29
  • SHA256: f7e3d03490fce2e39245c55eedf2339a6b9d91f15e454df30445dfce8682a92b
  • SHA512: 348894f4c4d1b28672d4ecd7402e1af22d6c80ac33fd1acc30ede548e53992ef76d42f1cfb6138efebd4ea3966318521705a0ff260ccf2c77b308043b5973e96
  • SSDEEP: 6144:7KU5+txXRyaR00ReuzphZAN7e/HMdCdlVZpe9hIutni:77CVVFzS8MdiTpihzw

Malware Config

Extracted

  • Family: remcos
  • Botnet: MONDAY WITHOUT TLS
  • C2: 192.3.216.140:52498

Attributes

  • audio_folder: MicRecords
  • audio_record_time: 5
  • connect_delay: 0
  • connect_interval: 1
  • copy_file: remcos.exe
  • copy_folder: Remcos
  • delete_file: false
  • hide_file: false
  • hide_keylog_file: false
  • install_flag: false
  • keylog_crypt: false
  • keylog_file: logs.dat
  • keylog_flag: false
  • keylog_folder: remcos
  • mouse_option: false
  • mutex: Rmc-AYV8LI
  • screenshot_crypt: false
  • screenshot_flag: false
  • screenshot_folder: Screenshots
  • screenshot_path: %AppData%
  • screenshot_time: 10
  • take_screenshot_option: false
  • take_screenshot_time: 5

Targets

  • Target: 19ed174c6130af6c22e446b7d87d77c7005bb830c3a1c355a1f1caf7edb82b1a.exe
  • Size: 482KB
  • MD5: 3ad817a53df45721914ff93201460971
  • SHA1: a4696bc455f95aae9a48740e22bad16cca3f32e8
  • SHA256: 19ed174c6130af6c22e446b7d87d77c7005bb830c3a1c355a1f1caf7edb82b1a
  • SHA512: 3c455deca8ff4dba1a5fb56181ebf4c427a7a4b8d6892fb0f6b987ef19be13874b09b704971656c49e2c0ba3d1229ed7aa176b55c0deff9c166d59a9cfe36949
  • SSDEEP: 6144:0XIktXfM8Lv86r9uVWAa2je4Z5zl4hgDHQQs4NTQjoHFsAOZZDAXYcNp5Gv:0X7tPMK8ctGe4Dzl4h2QnuPs/ZD4cv
  • Score: 8/10

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • T1547 Boot or Logon Autostart Execution (1)
  • T1547.001 Registry Run Keys / Startup Folder (1)

Privilege Escalation

  • T1547 Boot or Logon Autostart Execution (1)
  • T1547.001 Registry Run Keys / Startup Folder (1)

Defense Evasion

  • T1112 Modify Registry (1)

Discovery

  • T1012 Query Registry (1)

Tasks