Overview

overview

10

Static

static

3

Payment.Advice.exe

windows7-x64

3

Payment.Advice.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Chase_Bank_Payemnt_Advice.iso

  • Size

    78KB

  • Sample

    241128-wn9sys1kek

  • MD5

    d78f224ee6d1abb19be09fa08cef1277

  • SHA1

    9beb01dd320259674a8211e43058a849faaf8bc5

  • SHA256

    52b147dfc248835da236c6becbfce38ab5706e94202f05024b14fe0a1545b183

  • SHA512

    1028e6e46e87680b456a4e3712bcd00038405cc7f5755858f63386a8b0a72e1007aa70799944167bdfe40c64b1a0e108826a4dc7b0d1cde9f65259a5d1261d8b

  • SSDEEP

    768:fQjy5G5tItmxH2dIFyyXOLTqWEDDunXm:fj5G5ik2dIFyykqWSun2

Score
10/10
remcosremotehostdiscoveryrat

Malware Config

Extracted

Family

remcos

Botnet

RemoteHost

C2

41.216.183.238:7112

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    Rmc-Y7J88P

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • startup_value

    Remcos

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Targets

    • Target

      Payment.Advice.exe

    • Size

      28KB

    • MD5

      06b1db936e774152deee29df23e666a8

    • SHA1

      ea3c2520c08591b457d7139d8226b183b3a5cd38

    • SHA256

      f71be61fe5a879ff3a5f53a9e8a092b43b6a97ee3c96e9b7e2df5c2ddfe0c51a

    • SHA512

      291f3a89404d9b8c7bb4d677bc741a1bc059cb5079ca42e6645ad52317d90cbbab2dad67e54c62e0dd915a64c7e81cced1bcb1d83203675c46a0779163e5fefc

    • SSDEEP

      768:bQjy5G5tItmxH2dIFyyXOLTqWEDDunXm:bj5G5ik2dIFyykqWSun2

    Score
    10/10
    discoveryremcosremotehostrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Remcos family

      remcos

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Drops startup file

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks