General

  • Target

    d5b7e44063390ec37888b34fb59ee9a0ace96f951fbe8dbe536a0bc7f583c620.zip

  • Size

    3.0MB

  • Sample

    240727-cehhkazdlr

  • MD5

    a0e817b7c5b0967b8ace74442d5f9e64

  • SHA1

    8edcf630aac434d70f7ab95b6e9373f3997551fa

  • SHA256

    d5b7e44063390ec37888b34fb59ee9a0ace96f951fbe8dbe536a0bc7f583c620

  • SHA512

    c6618bf8552ffed804f6bf8e784bbf81813c48ef27c91081b70d9b2029e2ca61a39036f338553fcc65cd31b45455e3a0e9d2a605199b58eefdf7cf2c91348eaa

  • SSDEEP

    98304:SH7hTFBzJFsn2CgUgO8kmWJgrxgs1DSvs7N0LrYau:ehTDzkn2CVspZ7NoYV

Malware Config

Extracted

  • Family

    remcos

  • Botnet

    huma

  • C2

    81.19.139.74:4343

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    Rmc-OMQQOG

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Targets

    • Target

      ScreenShot.exe

    • Size

      1.3MB

    • MD5

      6a2cdd8709524999190f4b43a83108c9

    • SHA1

      47b472ca518760552d1e0fa2d2321339dd596471

    • SHA256

      bd0f954149173d3f5766eee5bd78d5f27ea1ea69667da7b3970b0e6154afc85f

    • SHA512

      3b9a50892b7b18480380f69f0eb185b663e82da16064b60a262e9f3181f23ee8510b338eb28af7b961ab555082ffc494cc4fa950610d1991e6d1fa12ba497299

    • SSDEEP

      24576:ToaZhvL2xgUgoJU72/LV5P3bhIqCl1xlaxqBmdq5:Z6xgUgoJUcaqCDxv

    • Remcos

      Remcos is closed-source remote control and surveillance software.

    • Suspicious use of SetThreadContext

    • Target

      altorilievo.ppt

    • Size

      942KB

    • MD5

      e540c4fcecd77b819094eee15ced316a

    • SHA1

      d45eb272fdf83641c942c0b7c66aa1ae313738a0

    • SHA256

      577ddb0c94d3814a044af5a4ff2591f1e59d227ae00b37358427e2de2d80ff3d

    • SHA512

      01ae43e96ae17b121f2c44b2c67f8ef66e7e278331d4c27d98206304b3a25d3dc211c3a1e2e2c6de6c342007cb67dcfbd7b6af7eeec5c5af5ad8421472d09c8e

    • SSDEEP

      12288:wsHR4mkXyWdmHo6d7YfHJpb/k6GbudU+2fpshtAL0k4z3iaCI4c34IEF9cecrwWm:mmiy+AQpJk5qdlhtq4mawQEFmec037

    • Score

      3/10

    • Target

      centenary.app

    • Size

      29KB

    • MD5

      ed5672e9357974fe27faa05c97b9c6ce

    • SHA1

      f866486cd73b42d4aedddba71f16cad9d4554fcb

    • SHA256

      530f8dbee1036b66a3c77512e216ab0f67779a3640daf2864d1fd8bd7e539c30

    • SHA512

      246b0e833f6b081d9a839537039c1b3432501c2d42491cd5feb45e1a82c71e55370532d8854700eea3a335728cb5c4a7a396e6896ff896427a8f95befdf68252

    • SSDEEP

      768:f4QtivrY5D5lq2Ef+IReU9Y+fOZFa+YlgWf9:gQlqPI6mFd8

    • Score

      1/10

    • Target

      madbasic_.bpl

    • Size

      212KB

    • MD5

      a734f2428443030c46db9ce3ab2e68a6

    • SHA1

      1bf4d3e9b4bf1d801a348f2e46cc9887bae12998

    • SHA256

      038511fc64801be03d8472a2f7a6ba8a27e0398cf876be1427c1463cf9190c80

    • SHA512

      d829ea13a0d736bee3a788822f5c04e58deff6175da735c25b8031d19e9c3c6bfa40af6882b6e842ba466ba0a5d51c766310491d73261a842334215edf09b699

    • SSDEEP

      6144:nN/kSQxE6qeM/k4qTl5L5e5+53WCG1CbF/Frfo:wqeM/k4qR5L5e5+53WulZo

    • Score

      3/10

    • Target

      maddisAsm_.bpl

    • Size

      64KB

    • MD5

      11efab4068cb4058207959e2638c2c1a

    • SHA1

      b1eac0879dcda14bdc0c2efd7f261d7c175208c3

    • SHA256

      11e3568f497c40331ee4a9e9973967e61b224e19204e09ed7451da3b74bd2ff5

    • SHA512

      ced6167612674232429c25e52ba051994b09fdaeaf3316505904456ef8d7063f2eb03b5a158f0a424f0ecb49673e6a3d6b57d61183c5f8402da3fe53af0bd185

    • SSDEEP

      1536:eNy3eqMne0sXB0IWtCLwEJhY0w1FwbiD7wlwei7:CqMnfIB04LwEJhY0w1UTnE

    • Score

      3/10

    • Target

      madexcept_.bpl

    • Size

      438KB

    • MD5

      562ec96d0f65b0309ad7508d0e0ced11

    • SHA1

      0fe9dda664f4f8d9ae18603c5a25756710032a6f

    • SHA256

      fb64a5954b726d2d0f0bc26113a36dc8a86c469af994ceeaf2e2609743a0a557

    • SHA512

      876b82534764b2d156ce64d52771d38f245d330957287773f6b2360f48564b8d4a304449fa6f6400052165aaf433a191af2d3b38b194a9b1e892552dc0805fba

    • SSDEEP

      6144:XlAz49EKhEV30F8sl88nTjQ4Q50gEcW/jd+o72niVUNMa4Yn2lZ:XlG4ut30F8slzYlQcW/jd++2nJ6u2lZ

    • Score

      3/10

    • Target

      rtl120.bpl

    • Size

      1.1MB

    • MD5

      e71e48e31ac728a6de7c020645f0c32f

    • SHA1

      7f86eadd1b7a0ab87b7ce7c2029bdef3d6fe1d8d

    • SHA256

      40a1d1a2f276738f568700ddccac99cdcd35b973fc8be86ab826c0d1abc9d6ff

    • SHA512

      5e41dbe7efac8a042a14c2f976d1afcd45e3f7531fb60daab61ac17ffd339d34e1c6746fce9e4b591b026598a89e38f36c6d24e33e2de0b39d81806259f9be2a

    • SSDEEP

      24576:0bhz5FWbA1msvIRzM7Rk5JZzSQ4+Is2D9Tx0gbo9:b2hTKgbo9

    • Score

      3/10

    • Target

      vcl120.bpl

    • Size

      1.9MB

    • MD5

      c8cff500ac30e5ef120ecb00bcdc0ebb

    • SHA1

      6dc63844fbc7e9678d8653d715d1f65c8c9f834b

    • SHA256

      7867aa9cb994e770c40e5b827d4f689bdc913b3466965b77a2b322d6c526045b

    • SHA512

      de393681162c50507f3a54b957c264a25993e28b38ac7f21df9b2ce2eab9177a46e1336a88a5045c75aa66f5e9cf2b5edeef5516225bdd80ed0c01506489e8b0

    • SSDEEP

      24576:QAgt8PRUMggrgN/5tWw+eNVEXZB5SOCwhuuYY8RP1S9YWPIqyz6W:QHSf0Ww+NpPSyzYY8n8YWPI/+W

    • Score

      3/10

    • Target

      vclx120.bpl

    • Size

      223KB

    • MD5

      8aaa3926885b3fa7ae0448f5e700cb79

    • SHA1

      47bd7d281ddde5ebef8599482212743bf2f7e67b

    • SHA256

      47396c301fbe78bfaf9e344936a0f7a4e6d174c096f847e160d822e48012162d

    • SHA512

      86d395ca89ec2a988f035ecb32640ddac99247e2568673246388fe310e8c3a44807049e8f3482fae86c453d5e3529a8f2daf8614a1086b6d979e64fd917bbe3a

    • SSDEEP

      3072:f4af8kXL6nX0YXjvkWQ5vYhbNkWPFOEJ8YZbjeTl0Y25zFgYBzRKy6sB65avEtAf:Qaf8kLWL7Xov8bNxdOmrfgYmHA6G

    • Score

      3/10

MITRE ATT&CK Enterprise v15

Tasks