General
- Target: 2024-04-19_de717951989420c6b9790c9160a23d35_magniber
- Size: 1.3MB
- Sample: 240419-a2vqasbe75
- MD5: de717951989420c6b9790c9160a23d35
- SHA1: df8621b3d9fa7e4e1d511d6ff732457aac6a0a1d
- SHA256: d434e12726aee7ad7378dc4e395dd5f8fba6255546eef9e1dbb51d52d966af2c
- SHA512: 77bdb1c94823c3340082ad5b3ba064cbbd4116758866795053d1b7b0da2f6ba07ad6a94ed8d721aed339a69f5499f0f87406a8dccc64e30aeeb5ef5976c22096
- SSDEEP: 24576:ZQHDm64xrB90l7rjM19qIljCh/qIxjySlfa/JY78NLRAgTE//aZ66z24VZbH:J90NM1gqjEBa/S8NLRdTE/iZ66z24VZb

Static task: static1

Behavioral task: behavioral1
- Sample: 2024-04-19_de717951989420c6b9790c9160a23d35_magniber.exe
- Resource: win7-20240221-en

Behavioral task: behavioral2
- Sample: 2024-04-19_de717951989420c6b9790c9160a23d35_magniber.exe
- Resource: win10v2004-20240412-en
Malware Config
Extracted: remcos
ALETEO
abril18.con-ip.com:7770
- audio_folder: MicRecords
- audio_record_time: 5
- connect_delay: 0
- connect_interval: 1
- copy_file: remcos.exe
- copy_folder: Remcos
- delete_file: false
- hide_file: false
- hide_keylog_file: false
- install_flag: false
- keylog_crypt: false
- keylog_file: logs.dat
- keylog_flag: false
- keylog_folder: remcos
- mouse_option: false
- mutex: Rmc-PO8SC5
- screenshot_crypt: false
- screenshot_flag: false
- screenshot_folder: Screenshots
- screenshot_path: %AppData%
- screenshot_time: 10
- take_screenshot_option: false
- take_screenshot_time: 5
Targets
- Target: 2024-04-19_de717951989420c6b9790c9160a23d35_magniber
Score: 10/10
- Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
- Adds Run key to start application
- Suspicious use of NtCreateThreadExHideFromDebugger