remcos | 9794c8d5bc0844135e241b317f940a20ef9d38dfbb93a177a76af10ddfe03f3c | Triage

Sharing

General

Target

46be905aafe246e23cea7034aeff3330N.exe
Size

448KB
Sample

240823-vjjkjawgnf
MD5

46be905aafe246e23cea7034aeff3330
SHA1

1ef9b68c57014a98bc800a38489f014ab6dff385
SHA256

9794c8d5bc0844135e241b317f940a20ef9d38dfbb93a177a76af10ddfe03f3c
SHA512

213073a5b9dc5d260ea0c38834c43c0e4684ea7a12f532e7bb9bc1b38ffd663dc52d986ca9b4b617c9061a05f5a0fe50cd6f1908a65ba489435299b40040ad6d
SSDEEP

6144:EAg4RVDZlHx5k7iLZnaSguI2IiRL/SISjw8nHWh1R2K3g9ZsAOZZQmXxlcK3W:Emnk7iLJbpIpiRL6I2WhSKQ9ZsfZQSbW

Score

10^/10

remcos new

Malware Config

Extracted

Family

remcos

Botnet

New

C2

173.212.217.108:1050

zab4ever.no-ip.org:1050

1zab4ever.no-ip.org:1050

1zab4ever.duckdns.org:1050

Attributes

audio_folder
MicRecords
audio_path
%AppData%
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
BrowseUpdt.exe
delete_file
false
hide_file
true
hide_keylog_file
true
install_flag
true
install_path
%AppData%
keylog_crypt
false
keylog_file
nobita.dat
keylog_flag
false
keylog_path
%AppData%
mouse_option
false
mutex
khruioprs-T021C4
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
BrowseUpdt
take_screenshot_option
false
take_screenshot_time
5
take_screenshot_title
notepad;solitaire;

Targets

- Target
  
  46be905aafe246e23cea7034aeff3330N.exe
- Size
  
  448KB
- MD5
  
  46be905aafe246e23cea7034aeff3330
- SHA1
  
  1ef9b68c57014a98bc800a38489f014ab6dff385
- SHA256
  
  9794c8d5bc0844135e241b317f940a20ef9d38dfbb93a177a76af10ddfe03f3c
- SHA512
  
  213073a5b9dc5d260ea0c38834c43c0e4684ea7a12f532e7bb9bc1b38ffd663dc52d986ca9b4b617c9061a05f5a0fe50cd6f1908a65ba489435299b40040ad6d
- SSDEEP
  
  6144:EAg4RVDZlHx5k7iLZnaSguI2IiRL/SISjw8nHWh1R2K3g9ZsAOZZQmXxlcK3W:Emnk7iLJbpIpiRL6I2WhSKQ9ZsfZQSbW
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2