General

Target: 4ea7ab88b5127c37a343f3a7be7d184ce36b8086d0eede593418be394d2f0e06
Size: 834KB
Sample: 240417-rnc2rsda7z
MD5: dfa6b1c1db071523eab9c6d00907b52e
SHA1: 5c1a3fe0d6345d97ba93a3d1519a6df6b20e047e
SHA256: 4ea7ab88b5127c37a343f3a7be7d184ce36b8086d0eede593418be394d2f0e06
SHA512: 66a7617ce6659698bd40ca5352e56f475f21ea42c93b3d8c3b143d06a6161fb67b8de7faf961d1c04e588d6e414f4d3e8226127e9a295f851bf3c6bb3805c211
SSDEEP: 24576:V07yKmQ8wSwy0og7Rx6ifIDvEvZ9DLEUwp:y7yKYwvouxQvEvLLERp
Static task
static1

Behavioral task
behavioral1
Sample: 1a5e416c52c05aa813b4baaeddf2a13945fc20d667c13fbafe4e52d73ce17292.exe
Resource: win7-20240221-en

Behavioral task
behavioral2
Sample: 1a5e416c52c05aa813b4baaeddf2a13945fc20d667c13fbafe4e52d73ce17292.exe
Resource: win10v2004-20240412-en

Behavioral task
behavioral3
Sample: Platymeria/Udraabsordets.ps1
Resource: win7-20231129-en

Behavioral task
behavioral4
Sample: Platymeria/Udraabsordets.ps1
Resource: win10v2004-20240412-en

Behavioral task
behavioral5
Sample: Scotches.app
Resource: macos-20240410-en
Malware Config

Extracted
Family: remcos
Botnet: Bro
C2: trfsgysu28opask01.duckdns.org:9702

audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: true
install_flag: false
keylog_crypt: false
keylog_file: mziseotosg.dat
keylog_flag: false
keylog_path: %AppData%
mouse_option: false
mutex: mbvieortc-RKDCUR
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
startup_value:
take_screenshot_option: false
take_screenshot_time: 5
Targets

Target: 1a5e416c52c05aa813b4baaeddf2a13945fc20d667c13fbafe4e52d73ce17292.exe
Size: 951KB
MD5: 01fe5e5c4b48be008eaa91ec7e6f2c5a
SHA1: d99ffa5535eb4d9399aa85fe5af77028cadaaa85
SHA256: 1a5e416c52c05aa813b4baaeddf2a13945fc20d667c13fbafe4e52d73ce17292
SHA512: 80872c8251ce2cfc1550a7bb272a2f8ef6976eb1b1615a14fc53b4748d62c3f0749f38fa99df3e2c8641ba3ef54567ca6cf867ee4714999f04c72089bb5d24f3
SSDEEP: 24576:ycx2DOGnZwpLrYRJBDwbFZ+9ND/2oKRMiYaSHVDfZ:ycx3GerKfED+uoKR3YaMVDfZ
Signatures:
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext

Target: Platymeria/Udraabsordets.Lia
Size: 51KB
MD5: 26cd7d4a866ed00259c14fd3b49db0ba
SHA1: e673f01ca0a7f868763efa179040855d624bf788
SHA256: ec23b8ccd7b12f810e9ebc31ae5bb5d6a1f5e4eea41405cb19e74dc099eea6bb
SHA512: a5379755573c631456aa6b15917673f026938cc0bab20d5486bb32543b54a79e69f64b70d9f8ab485f138561a024be41b7830def388c24a1fdbe745c46f544dc
SSDEEP: 1536:4CpmfTVSL++Nq8rRPT8VwJWITjvHkAMLGu1FhOtq7R:bmxSL++NqQ17JWAvHMq0Ey
Score: 8/10
Signatures:
- Modifies Installed Components in the registry
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.

Target: Scotches.App
Size: 334KB
MD5: 111510302e6d3db7a95aa3bbc22da619
SHA1: 61ed4d0fb44c0219d3525efabbdc4fd1efa8d6f9
SHA256: 8b1079d62c7307739df4f300d2eff507847bcb237c78f4143047074e716ae78f
SHA512: 93a030d749968f2a9ba3f909b9d81d4490c4eaf958986d10bc6f5d9e29f47a55cdffe6c3e9fbbf7ea6244a2010315abbfd273b18d0cbd1f3eceac81acc455ffa
SSDEEP: 6144:OTYGj0Lv88TxjUPpoHO2t9boR6+8Br4o7wn5t+XW7FUKEquZVmmYu83MTpy7f:h4WUCWPpoHjtVoI+8Bo5t+CWqDJBCyL
Score: 1/10