General

  • Target: 3ea9a35d375b51a9c6b6a5e2f33aedab.bin
  • Size: 893KB
  • Sample: 240904-blgzyatbrc
  • MD5: 3b4e0e7b1ba1c76ef74f2536fb9c8efd
  • SHA1: 497fc36ac1678adf7d07af71966462324fd897df
  • SHA256: aba668928f876cddb6a89a26c039f7e09eb634f455f27bfbbd9e55f1194af840
  • SHA512: 634f235dd52d023b85a1a2417d8bd9bda195d654e39120ee202a0863ce4f6c041abc7d2ce2ccd4dd856de9201c36d9a0825efdcd5b9e6bdd491f36f70492631c
  • SSDEEP: 24576:stmEK/IrDZx6ABCupDtCKM97iBs/644etEE:emEPZkuRtmi+S41aE

Malware Config (Extracted)

  • Family: remcos
  • Botnet: LBLOW
  • C2: 64.188.26.202:1604

Attributes

  • audio_folder: MicRecords
  • audio_record_time: 5
  • connect_delay: 0
  • connect_interval: 1
  • copy_file: Vexploio.exe
  • copy_folder: Vexplo
  • delete_file: false
  • hide_file: false
  • hide_keylog_file: false
  • install_flag: false
  • keylog_crypt: false
  • keylog_file: logs.dat
  • keylog_flag: false
  • keylog_folder: remcos
  • mouse_option: false
  • mutex: Rmc-TLDR4C
  • screenshot_crypt: false
  • screenshot_flag: false
  • screenshot_folder: Screenshots
  • screenshot_path: %AppData%
  • screenshot_time: 10
  • take_screenshot_option: false
  • take_screenshot_time: 5

Targets

    • Target: 51140bec1d515183c335c97f8fd633a4d2624b17125a84c8e4b8dba2603e3636.exe
    • Size: 1.2MB
    • MD5: 3ea9a35d375b51a9c6b6a5e2f33aedab
    • SHA1: c5556b95abfbaefa4e9e4495ddb38d21994f3791
    • SHA256: 51140bec1d515183c335c97f8fd633a4d2624b17125a84c8e4b8dba2603e3636
    • SHA512: 8088e7f066ee95caf66fb73ac68a0fe8d0394eaa3926585250eec1ca0f57e8ec1803a8c4996da7a431ed83d3713a78822a06c68e551595fa8f3f4232d995966f
    • SSDEEP: 24576:/yVdVyi9zi02fi1jppTvCkV0uf5ZmH1OvVzPMCwbM:/g9uo5vCkCua1szU
    • Remcos: Remcos is a closed-source remote control and surveillance software.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
