General
-
Target
2024-04-22_78373b185e4b410b76531ba35d1e521c_magniber
-
Size
2.3MB
-
Sample
240422-bstbjsdh2y
-
MD5
78373b185e4b410b76531ba35d1e521c
-
SHA1
8877348c888ef1ad1b4cd7bc8651977be8ae9335
-
SHA256
3846a3f073e8dd0a8b54ad2c406795e75e6316a37565c5a7fa3b3be9ce5d8fcd
-
SHA512
9a7cefe296e3b83863eb9e43ee7f83f60b5c642ca74df5fbf3141cb3293fbd3afcd96f8ad876a55c13991b4c41a71896cb32e65295bce46e7d1cde15777a58bd
-
SSDEEP
49152:KCtI+vNrL3ctRG8Lnh5pkjamjYNexTKNPd/PAbkzSYl+aFUUhf3LIE3VEalMlrMF:Ky1oL33VEallIgUCxx
Static task
static1
Behavioral task
behavioral1
Sample
2024-04-22_78373b185e4b410b76531ba35d1e521c_magniber.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
2024-04-22_78373b185e4b410b76531ba35d1e521c_magniber.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
remcos
4.9.3 Light
RemoteHost
127.0.0.1:2404
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-52SPIJ
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
2024-04-22_78373b185e4b410b76531ba35d1e521c_magniber
-
Size
2.3MB
-
MD5
78373b185e4b410b76531ba35d1e521c
-
SHA1
8877348c888ef1ad1b4cd7bc8651977be8ae9335
-
SHA256
3846a3f073e8dd0a8b54ad2c406795e75e6316a37565c5a7fa3b3be9ce5d8fcd
-
SHA512
9a7cefe296e3b83863eb9e43ee7f83f60b5c642ca74df5fbf3141cb3293fbd3afcd96f8ad876a55c13991b4c41a71896cb32e65295bce46e7d1cde15777a58bd
-
SSDEEP
49152:KCtI+vNrL3ctRG8Lnh5pkjamjYNexTKNPd/PAbkzSYl+aFUUhf3LIE3VEalMlrMF:Ky1oL33VEallIgUCxx
Score10/10-
Suspicious use of NtCreateThreadExHideFromDebugger
-