General

  • Target: moon.exe
  • Size: 423KB
  • Sample: 241216-xtvfwsxrdy
  • MD5: b1c7d8102bcab505d2fdec27282767f3
  • SHA1: 4f3496b126eabcd57335e2a315d59bdd2e043c89
  • SHA256: 010b6fa39f761c1444233c206b2c4434428a75ff9d0583bcb84b12e2804340db
  • SHA512: c1da6810dbcf11b582f80820f55279258a5779eb420ec5a19b9da04a3d90dc37febb841e50d54be55b2fc447d77fd8f775a1e6f5ac7e8e10acb35bbbf8ce6748
  • SSDEEP: 6144:YeghbOV4Asvo/Z+wo6TmTIHnqgKIuTi5gTaWnLLDt1dbWAOaKapXFWbcFSU:YeKbOV4A3ho9IKNti5gT/wUzzWTU

Score: 10/10

Malware Config

Extracted

  • Family: remcos
  • Version: 3.8.0 Light
  • Botnet: moon
  • C2: 204.10.194.175:4444

Attributes

  • audio_folder: MicRecords
  • audio_record_time: 5
  • connect_delay: 0
  • connect_interval: 1
  • copy_file: WindowsUpdater.exe
  • copy_folder: WindowsUpdater
  • delete_file: true
  • hide_file: true
  • hide_keylog_file: false
  • install_flag: true
  • install_path: %SystemDrive%
  • keylog_crypt: false
  • keylog_file: logs.dat
  • keylog_flag: false
  • keylog_folder: remcos
  • mouse_option: false
  • mutex: Rmc-4GSXVB
  • screenshot_crypt: false
  • screenshot_flag: false
  • screenshot_folder: Screenshots
  • screenshot_path: %AppData%
  • screenshot_time: 10
  • startup_value: WindowsUpdater
  • take_screenshot_option: false
  • take_screenshot_time: 5

Targets

    • Target: moon.exe
    • Size: 423KB
    • MD5: b1c7d8102bcab505d2fdec27282767f3
    • SHA1: 4f3496b126eabcd57335e2a315d59bdd2e043c89
    • SHA256: 010b6fa39f761c1444233c206b2c4434428a75ff9d0583bcb84b12e2804340db
    • SHA512: c1da6810dbcf11b582f80820f55279258a5779eb420ec5a19b9da04a3d90dc37febb841e50d54be55b2fc447d77fd8f775a1e6f5ac7e8e10acb35bbbf8ce6748
    • SSDEEP: 6144:YeghbOV4Asvo/Z+wo6TmTIHnqgKIuTi5gTaWnLLDt1dbWAOaKapXFWbcFSU:YeKbOV4A3ho9IKNti5gT/wUzzWTU

    Score: 3/10

MITRE ATT&CK Enterprise v15

Tasks