General

  • Target

    03122024_1048_Product Sample Requirement.pdf.tar

  • Size

    1.2MB

  • Sample

    241203-mwbfpasjcv

  • MD5

    34bbcfcc728e4f0c33f0b2f2dbc1c3db

  • SHA1

    384434e26c1b417b162bda9df43d60d60426bbda

  • SHA256

    19e7b739eba1a54c80cce176686c206930a28579ab57f4281ad97ebdcd31d46c

  • SHA512

    d0795e3fd72f8e1d1044e616907793b304a9d8be90da804cd9b78aa91888b5a0e730c35c3c8efa4a0f0444e730bb53445a3d8f0a8c16dae1e3303a57cdf5fa5a

  • SSDEEP

    24576:GTQMspNpYW371SG6pBzsiIBB5arKqk/1Ra8621J9+z:G0fDpYeX6oBkrKqk/1RaREJ9+z

Malware Config

Extracted

Family

remcos

Botnet

wire2

C2

87.121.86.8:2195

Attributes

  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    Rmc-V4679R

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • startup_value

    Remcos

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Targets

    • Target

      Product Sample Requirement.pdf.exe

    • Size

      1.4MB

    • MD5

      d9181ebff81afb31a951e560774e6bdf

    • SHA1

      61587f2a1b7d29f2b6f52abae75277835e0f0708

    • SHA256

      e6314cf3560f9fd60a07d99de549c09775e9fbf149feaf7e1a347298e261bf51

    • SHA512

      4911bf45fb680be5067404e067f17e694c0a1243e0e7e5e1750a34c9beb9786a63023ebbfd674713c82547d8bd9d06d1bc12c3729dd1bb9fb8722a6d2a0f8341

    • SSDEEP

      24576:ffyQHkppveO371GK6fHze8IBf1alIYk7BRa866Rt98:ffW3vemn6AfwlIYk7BRaR6t98

    • Remcos

      Remcos is a closed-source remote control and surveillance tool.

    • Remcos family

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Drops startup file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks