General
Target: Binary Image Logger.exe
Size: 539KB
Sample: 240814-yhdjnswamm
MD5: ae68f62cfda769bc4afa4b149b741a29
SHA1: 50db9c85a3340ff3d66389049320fb6d44a3c9c3
SHA256: e73884573e48fc799a4347e4f463ebcb517bb10bdd800844fd6f17566fd37306
SHA512: c44cb77cb9da49889740a54867c538f191f9b5eb431566e6c4200f7e439e6d478ac9dd2d8a574cc7e813c48dd3cd3db1d82c5f5f8bf93ec2c2e0c914f1458295
SSDEEP: 12288:/FVd6tvI0g3fQfqdAnKESxfbeabRN3ujW:/FVdoI0Ef5A2TeabRdujW
Static task: static1
Behavioral task: behavioral1
Sample: Binary Image Logger.exe
Resource: win10v2004-20240802-en
Malware Config
Extracted: remcos
RemoteHost: mode-clusters.gl.at.ply.gg:36304
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: $77-Update of anti root
copy_folder: Remcos
delete_file: true
hide_file: true
hide_keylog_file: false
install_flag: true
install_path: %WinDir%\System32
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Rmc-MCWFTA
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
take_screenshot_option: false
take_screenshot_time: 5
Targets
Target: Binary Image Logger.exe
- Adds policy Run key to start application
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (2)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Impair Defenses (1)
    Disable or Modify Tools (1)
  Modify Registry (4)