Overview

overview

10

Static

static

10

9d68bf6d43...0N.exe

windows7-x64

10

9d68bf6d43...0N.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    09/09/2024, 08:09

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    9d68bf6d4395c5abc2be5b939ec91ca0N.exe

  • Size

    211KB

  • MD5

    9d68bf6d4395c5abc2be5b939ec91ca0

  • SHA1

    3f0fec58ecdba63e8345a45cf767a8935e321c3b

  • SHA256

    1d3028b3e896be06cb45ee855dbdeb00122a28f6a60f4c3fa2c7c56680207516

  • SHA512

    0739bc8c35e8a7d75cd9ed9790abc5696f9267620538cb8a440015245bc4caab31a6f477d553cb9910b99ed042d8e51d0f361bc2edb75c8c0afa0c3a75550d9e

  • SSDEEP

    6144:qVUM+eLAzUQHsZeGeKV+bk3Rt7fC5hZuVXXU5:eP+W6fEeFYht7fK4k

Score
10/10
remcosagentratupx

Malware Config

Extracted

Family

remcos

Version

5.1.1 Light

Botnet

Agent

C2

159.223.171.199:20226

Attributes
  • audio_folder

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

  • copy_folder

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

  • keylog_flag

    false

  • keylog_folder

  • mouse_option

    false

  • mutex

    70ec85cd-0033-4f41-a280-4785c3d88479

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • startup_value

  • take_screenshot_option

    false

  • take_screenshot_time

    5

  • take_screenshot_title

Signatures

  • Remcos

    Remcos is a closed-source remote control and surveillance software.

    ratremcos
  • UPX packed file 13 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx

Processes

  • C:\Users\Admin\AppData\Local\Temp\9d68bf6d4395c5abc2be5b939ec91ca0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9d68bf6d4395c5abc2be5b939ec91ca0N.exe"
    1⤵
      PID:2844

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2844-0-0x0000000000400000-0x0000000000479000-memory.dmp

      Filesize

      484KB

      Download

    • memory/2844-1-0x0000000000400000-0x0000000000479000-memory.dmp

      Filesize

      484KB

      Download

    • memory/2844-2-0x0000000000400000-0x0000000000479000-memory.dmp

      Filesize

      484KB

      Download

    • memory/2844-3-0x0000000000400000-0x0000000000479000-memory.dmp

      Filesize

      484KB

      Download

    • memory/2844-4-0x0000000000400000-0x0000000000479000-memory.dmp

      Filesize

      484KB

      Download

    • memory/2844-5-0x0000000000400000-0x0000000000479000-memory.dmp

      Filesize

      484KB

      Download

    • memory/2844-6-0x0000000000400000-0x0000000000479000-memory.dmp

      Filesize

      484KB

      Download

    • memory/2844-7-0x0000000000400000-0x0000000000479000-memory.dmp

      Filesize

      484KB

      Download

    • memory/2844-8-0x0000000000400000-0x0000000000479000-memory.dmp

      Filesize

      484KB

      Download

    • memory/2844-9-0x0000000000400000-0x0000000000479000-memory.dmp

      Filesize

      484KB

      Download

    • memory/2844-10-0x0000000000400000-0x0000000000479000-memory.dmp

      Filesize

      484KB

      Download

    • memory/2844-11-0x0000000000400000-0x0000000000479000-memory.dmp

      Filesize

      484KB

      Download

    • memory/2844-12-0x0000000000400000-0x0000000000479000-memory.dmp

      Filesize

      484KB

      Download