Analysis

  • max time kernel
    147s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    04/10/2024, 22:26 UTC

General

  • Target

    1728080706a248a4f632b137f140bbdefdc6243fcfee4f77d8efc81faca52425088e5ea1dc575.dat-decoded.exe

  • Size

    483KB

  • MD5

    c889bbf5b1e3688a1863be4080a67cdf

  • SHA1

    78917ebb95eda1e6ea617c9e52fa37cac374e487

  • SHA256

    c17f913d54daa4fc678b281988d2b6997ea93b6bd277bab6c3e222f60065887b

  • SHA512

    67fbb47e45d633c6a1631dbc9cfd47bbb3f567d11ae362b106edf197191800d2a3989b4454bca526b4e027d14940f1d54497e364090aebc6cc55beab3fcc3c74

  • SSDEEP

    6144:+XIktXfM8Lv86r9uVWAa2je4Z5zl4hgDHQQs4NTQjoHFsAOZZDAXYcNb5Gv:+X7tPMK8ctGe4Dzl4h2QnuPs/ZDScv

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim host in order to infer its geographical location.

  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1728080706a248a4f632b137f140bbdefdc6243fcfee4f77d8efc81faca52425088e5ea1dc575.dat-decoded.exe
    "C:\Users\Admin\AppData\Local\Temp\1728080706a248a4f632b137f140bbdefdc6243fcfee4f77d8efc81faca52425088e5ea1dc575.dat-decoded.exe"
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    PID:1580

Network

  • US
    DNS
    sost2024ene.duckdns.org
    1728080706a248a4f632b137f140bbdefdc6243fcfee4f77d8efc81faca52425088e5ea1dc575.dat-decoded.exe
    Remote address:
    8.8.8.8:53
    Request
    sost2024ene.duckdns.org
    IN A
    Response
    sost2024ene.duckdns.org
    IN A
    186.169.83.212
  • US
    DNS
    geoplugin.net
    1728080706a248a4f632b137f140bbdefdc6243fcfee4f77d8efc81faca52425088e5ea1dc575.dat-decoded.exe
    Remote address:
    8.8.8.8:53
    Request
    geoplugin.net
    IN A
    Response
    geoplugin.net
    IN A
    178.237.33.50
  • NL
    GET
    http://geoplugin.net/json.gp
    1728080706a248a4f632b137f140bbdefdc6243fcfee4f77d8efc81faca52425088e5ea1dc575.dat-decoded.exe
    Remote address:
    178.237.33.50:80
    Request
    GET /json.gp HTTP/1.1
    Host: geoplugin.net
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    date: Fri, 04 Oct 2024 22:26:08 GMT
    server: Apache
    content-length: 955
    content-type: application/json; charset=utf-8
    cache-control: public, max-age=300
    access-control-allow-origin: *
  • 186.169.83.212:1213
    sost2024ene.duckdns.org
    tls
    1728080706a248a4f632b137f140bbdefdc6243fcfee4f77d8efc81faca52425088e5ea1dc575.dat-decoded.exe
    3.7kB
    1.6kB
    14
    17
  • 178.237.33.50:80
    http://geoplugin.net/json.gp
    http
    1728080706a248a4f632b137f140bbdefdc6243fcfee4f77d8efc81faca52425088e5ea1dc575.dat-decoded.exe
    623 B
    2.5kB
    12
    4

    HTTP Request

    GET http://geoplugin.net/json.gp

    HTTP Response

    200
  • 8.8.8.8:53
    sost2024ene.duckdns.org
    dns
    1728080706a248a4f632b137f140bbdefdc6243fcfee4f77d8efc81faca52425088e5ea1dc575.dat-decoded.exe
    69 B
    85 B
    1
    1

    DNS Request

    sost2024ene.duckdns.org

    DNS Response

    186.169.83.212

  • 8.8.8.8:53
    geoplugin.net
    dns
    1728080706a248a4f632b137f140bbdefdc6243fcfee4f77d8efc81faca52425088e5ea1dc575.dat-decoded.exe
    59 B
    75 B
    1
    1

    DNS Request

    geoplugin.net

    DNS Response

    178.237.33.50

MITRE ATT&CK Enterprise v15

Downloads

  • C:\ProgramData\remcos\logs.dat

    Filesize

    144B

    MD5

    da244aedd61446b809c31bc8e6e524f2

    SHA1

    04446b9cb430de49eb16da73efe589a7e69f803f

    SHA256

    1cdda9620cb81ef1bc3ec014f3855035380a5ce30dee7df3c40db3e14c50b44b

    SHA512

    5aa26d4985babb25567b3bf65bd0fe20d8f166b412b0a37b45cb80cef3be5db9f5ccea550f6f7d2c258910429863f170830106fce28109688eed7bca3e837a58