General
-
Target
1399a14c2f14db1b882950e2aba6b110N.exe
-
Size
483KB
-
Sample
240819-spbe1avekj
-
MD5
1399a14c2f14db1b882950e2aba6b110
-
SHA1
34d0f79d8c73b7fcd0706010292f1a38188a51b0
-
SHA256
95a98647ee6ce1f253c19a0221e56398cc5a1c5a75b6c5493e68d4e8f0de6d5e
-
SHA512
a3523044b9064ac11263f07f4d7574b67d662bc81151b2a2777dcb45bedf6937ab2ef469615ba166fe7ec2c08fe4f80a53c4479f7e51b2ed615f5757a7664bd5
-
SSDEEP
6144:YTz+c6KHYBhDc1RGJdv//NkUn+N5Bkf/0TELRvIZPjbsAOZZBAXccr6T4:YTlrYw1RUh3NFn+N5WfIQIjbs/ZBJT4
Behavioral task
behavioral1
Sample
1399a14c2f14db1b882950e2aba6b110N.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
1399a14c2f14db1b882950e2aba6b110N.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
remcos
RemoteHost
mode-clusters.gl.at.ply.gg:36304
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
$77-Update of anti root
-
copy_folder
WinDMRmanager
-
delete_file
true
-
hide_file
true
-
hide_keylog_file
false
-
install_flag
true
-
install_path
%WinDir%\System32
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-ZQC2W5
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
1399a14c2f14db1b882950e2aba6b110N.exe
-
Size
483KB
-
MD5
1399a14c2f14db1b882950e2aba6b110
-
SHA1
34d0f79d8c73b7fcd0706010292f1a38188a51b0
-
SHA256
95a98647ee6ce1f253c19a0221e56398cc5a1c5a75b6c5493e68d4e8f0de6d5e
-
SHA512
a3523044b9064ac11263f07f4d7574b67d662bc81151b2a2777dcb45bedf6937ab2ef469615ba166fe7ec2c08fe4f80a53c4479f7e51b2ed615f5757a7664bd5
-
SSDEEP
6144:YTz+c6KHYBhDc1RGJdv//NkUn+N5Bkf/0TELRvIZPjbsAOZZBAXccr6T4:YTlrYw1RUh3NFn+N5WfIQIjbs/ZBJT4
-
Adds policy Run key to start application
-
Deletes itself
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
4