Analysis
-
max time kernel
147s -
max time network
144s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system -
submitted
04/10/2024, 01:48 UTC
Behavioral task
behavioral1
Sample
remcosviejo.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
remcosviejo.exe
Resource
win10v2004-20240802-en
General
-
Target
remcosviejo.exe
-
Size
483KB
-
MD5
e6ed0b450a69ad32a2cf629236265e1c
-
SHA1
c5b490ac0148705cc13e61bec49ca9d3d020cead
-
SHA256
8de4861c4aca30b32685f9a1b78c307b6faa5011551ebf689babc7c42babb720
-
SHA512
61c8dbfe1497ef9d32d4c905f2e84f69e3dcedca90f7f7f15bffc69d53088aa3fd0e3900de4b87494303b46e05a08e777ace9715430efb9cdf2f5abc3d646dc3
-
SSDEEP
6144:vXIktXfM8Lv86r9uVWAa2je4Z5zl4hgDHQQs4NTQjoHFsAOZZ5AXIcNc5Gv:vX7tPMK8ctGe4Dzl4h2QnuPs/Z55cv
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language remcosviejo.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 1048 remcosviejo.exe
Processes
Network
-
Remote address:8.8.8.8:53Requestcomandoespecial2023.duckdns.orgIN AResponsecomandoespecial2023.duckdns.orgIN A173.208.241.155
-
Remote address:8.8.8.8:53Requestcomandoespecial2023.duckdns.orgIN AResponsecomandoespecial2023.duckdns.orgIN A173.208.241.155
-
Remote address:8.8.8.8:53Requestcomandoespecial2023.duckdns.orgIN AResponse
-
Remote address:8.8.8.8:53Requestgeoplugin.netIN AResponsegeoplugin.netIN A178.237.33.50
-
Remote address:178.237.33.50:80RequestGET /json.gp HTTP/1.1
Host: geoplugin.net
Cache-Control: no-cache
ResponseHTTP/1.1 200 OK
server: Apache
content-length: 955
content-type: application/json; charset=utf-8
cache-control: public, max-age=300
access-control-allow-origin: *
-
3.4kB 1.6kB 13 17
-
669 B 2.5kB 13 4
HTTP Request
GET http://geoplugin.net/json.gpHTTP Response
200
-
231 B 263 B 3 3
DNS Request
comandoespecial2023.duckdns.org
DNS Request
comandoespecial2023.duckdns.org
DNS Request
comandoespecial2023.duckdns.org
DNS Response
173.208.241.155
DNS Response
173.208.241.155
-
59 B 75 B 1 1
DNS Request
geoplugin.net
DNS Response
178.237.33.50
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
144B
MD539a733a970a3e07054c28e1077958e13
SHA11f44897e4bcf2f7c228b4d8ac0bba1e6e6b315e7
SHA256cb723a071ffb342f0d3cbf65888c18e9e0aab0fc37dcd2558d9a2cde34fa2fae
SHA5124e8989364b52734b187c7619d58ceb0ebcf71ae0835e2617af06f007d746947f9fe5b6e2edc2debb6b23d76901e1e40811158fa0cc42f012416018ac6364fe11