General

  • Target

    2024-04-22_78373b185e4b410b76531ba35d1e521c_magniber

  • Size

    2.3MB

  • Sample

    240422-bstbjsdh2y

  • MD5

    78373b185e4b410b76531ba35d1e521c

  • SHA1

    8877348c888ef1ad1b4cd7bc8651977be8ae9335

  • SHA256

    3846a3f073e8dd0a8b54ad2c406795e75e6316a37565c5a7fa3b3be9ce5d8fcd

  • SHA512

    9a7cefe296e3b83863eb9e43ee7f83f60b5c642ca74df5fbf3141cb3293fbd3afcd96f8ad876a55c13991b4c41a71896cb32e65295bce46e7d1cde15777a58bd

  • SSDEEP

    49152:KCtI+vNrL3ctRG8Lnh5pkjamjYNexTKNPd/PAbkzSYl+aFUUhf3LIE3VEalMlrMF:Ky1oL33VEallIgUCxx

Score
10/10

Malware Config

Extracted

  • Family

    remcos

  • Version

    4.9.3 Light

  • Botnet

    RemoteHost

  • C2

    127.0.0.1:2404

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    Rmc-52SPIJ

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Targets

    • Target

      2024-04-22_78373b185e4b410b76531ba35d1e521c_magniber

    • Remcos

      Remcos is closed-source remote control and surveillance software.

    • Suspicious use of NtCreateThreadExHideFromDebugger
