Overview

Score per analysis task (out of 10, taken from the report's task tabs; file names are truncated as the tabs show them):
  Static analysis:                          10
  2f14fefdd7...81.exe, windows7-x64:         3
  2f14fefdd7...81.exe, windows10-2004-x64:  10
  $PLUGINSDI...ns.dll, windows7-x64:         7
  $PLUGINSDI...ns.dll, windows10-2004-x64:   3
  $PLUGINSDI...em.dll, windows7-x64:         3
  $PLUGINSDI...em.dll, windows10-2004-x64:   3
  $PLUGINSDI...9b.dll, windows7-x64:         3
  $PLUGINSDI...9b.dll, windows10-2004-x64:  10

General (overall score 10/10)
  Target: JaffaCakes118_55f131be9f75250cc1291aafe4bc1593d460bcc71c62da5437aa14c894cf22f3
  Size:   186KB
  Sample: 241225-dnr9sswkfs
  MD5:    d6871bd2c8ca05d1edd8414e6ef32d3f
  SHA1:   c19893a50f85595aba15abc3a3e02f56e0ca3e21
  SHA256: 55f131be9f75250cc1291aafe4bc1593d460bcc71c62da5437aa14c894cf22f3
  SHA512: 449684673fed085029c721a573df39e7af5ed751b85f4f5b0084cdd8dfb56d1c41711770ae10b36ba60f5e303d717b41cf7bac79fea42577b2e3dd9cb85a5f66
  SSDEEP: 3072:uRPUPdRWSqYHZSt7+haWsNfA6uLmeG9ivvwZtzwZrsufjkWzbJBm:uRMPSkHstq8566em/Awvw62jTb/m
Tasks
  static1      static task
  behavioral1  2f14fefdd76197ec0b0eed44f534230e1e2b39d655edf87dd8571ceb966bb281.exe on win7-20241010-en
  behavioral2  2f14fefdd76197ec0b0eed44f534230e1e2b39d655edf87dd8571ceb966bb281.exe on win10v2004-20241007-en
  behavioral3  $PLUGINSDIR/InstallOptions.dll on win7-20240903-en
  behavioral4  $PLUGINSDIR/InstallOptions.dll on win10v2004-20241007-en
  behavioral5  $PLUGINSDIR/System.dll on win7-20240903-en
  behavioral6  $PLUGINSDIR/System.dll on win10v2004-20241007-en
  behavioral7  $PLUGINSDIR/gb7ir8nsaimu39b.dll on win7-20240903-en
  behavioral8  $PLUGINSDIR/gb7ir8nsaimu39b.dll on win10v2004-20241007-en
Malware Config

Extracted configuration
  Family:  remcos
  Version: 2.7.2 Pro
  Botnet:  GRACE _ MARCY
  C2:      103.153.77.83:4348

  audio_folder            MicRecords
  audio_path              %AppData%
  audio_record_time       5
  connect_delay           0
  connect_interval        1
  copy_file               mozila.exe
  copy_folder             mozila
  delete_file             false
  hide_file               false
  hide_keylog_file        false
  install_flag            false
  install_path            %AppData%
  keylog_crypt            false
  keylog_file             logs.dat
  keylog_flag             false
  keylog_folder           mozila
  keylog_path             %AppData%
  mouse_option            false
  mutex                   mozila-VR8Q9A
  screenshot_crypt        false
  screenshot_flag         false
  screenshot_folder       Screenshots
  screenshot_path         %AppData%
  screenshot_time         10
  startup_value           mozila
  take_screenshot_option  false
  take_screenshot_time    5
  take_screenshot_title   wikipedia;solitaire;
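One point a responder should take from this configuration is that the persistence and collection features are all switched off: install_flag, keylog_flag, screenshot_flag and take_screenshot_option are false, so the copy path %AppData%\mozila\mozila.exe, the startup value "mozila" and logs.dat are configured but would not be produced by this build, and a hunt keyed on them would miss it. The mutex mozila-VR8Q9A and the C2 103.153.77.83:4348 are the indicators this configuration does commit to. The script below is an added example, not part of the Triage report or of Remcos: it parses the config listing in the flattened form the report prints it and sorts the indicators by whether their flag is set. The directory layout install_path\copy_folder\copy_file, the use of the per-user Run key, and audio recording being operator-triggered are assumptions about Remcos behaviour, not facts the report states.

```python
"""Turn the report's extracted Remcos configuration into hunt indicators.

Added example, not part of the Triage report or of Remcos itself. The
configuration values are copied from the report; the directory layout,
Run-key location and "audio is operator-triggered" behaviour are
assumptions about Remcos, noted where used, not facts the report states.
"""
from __future__ import annotations
import re

# Copied from the report's "Malware Config" section. The report prints one
# token per line with '-' between entries; since no value here contains
# whitespace, the parser splits on whitespace and handles both layouts.
REMCOS_CONFIG_TEXT = """
- audio_folder MicRecords - audio_path %AppData% - audio_record_time 5
- connect_delay 0 - connect_interval 1 - copy_file mozila.exe - copy_folder mozila
- delete_file false - hide_file false - hide_keylog_file false - install_flag false
- install_path %AppData% - keylog_crypt false - keylog_file logs.dat - keylog_flag false
- keylog_folder mozila - keylog_path %AppData% - mouse_option false - mutex mozila-VR8Q9A
- screenshot_crypt false - screenshot_flag false - screenshot_folder Screenshots
- screenshot_path %AppData% - screenshot_time 10 - startup_value mozila
- take_screenshot_option false - take_screenshot_time 5 - take_screenshot_title wikipedia;solitaire;
"""
REMCOS_C2 = "103.153.77.83:4348"  # from the report (remcos 2.7.2 Pro, GRACE _ MARCY)

# Assumption: Remcos registers startup_value under the per-user Run key.
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"


def parse_flat_config(text: str) -> dict:
    """Pair key/value tokens, drop '-' separators, coerce bools and ints."""
    tokens = [t for t in text.split() if t != "-"]
    if len(tokens) % 2:
        raise ValueError("unpaired key/value token")
    cfg: dict = {}
    for key, value in zip(tokens[0::2], tokens[1::2]):
        if value in ("true", "false"):
            cfg[key] = value == "true"
        elif re.fullmatch(r"-?\d+", value):
            cfg[key] = int(value)
        else:
            cfg[key] = value
    return cfg


def win_path(*parts: str) -> str:
    """Join with backslashes; %AppData% stays a placeholder (no user name assumed)."""
    return "\\".join(parts)


def expected_artifacts(cfg: dict, c2: str) -> dict:
    """Split indicators into those this build produces and those it only configures."""
    host, port = c2.rsplit(":", 1)
    out = {
        "mutex": cfg["mutex"],   # created on start regardless of the feature flags
        "c2": (host, int(port)),
        "active": {},            # flag true: expect these on a compromised host
        "disabled": {},          # flag false: configured but not produced by this build
        "on_command": {},        # no flag; produced only when the operator asks (assumption)
    }

    def feature(flag: str, name: str, *artifacts: str) -> None:
        bucket = out["active"] if cfg[flag] else out["disabled"]
        bucket[name] = list(artifacts)

    # Assumption: install = copy to install_path\copy_folder\copy_file plus a Run value.
    feature("install_flag", "install",
            win_path(cfg["install_path"], cfg["copy_folder"], cfg["copy_file"]),
            win_path(RUN_KEY, cfg["startup_value"]))
    feature("keylog_flag", "keylogger",
            win_path(cfg["keylog_path"], cfg["keylog_folder"], cfg["keylog_file"])
            + (" (encrypted)" if cfg["keylog_crypt"] else " (plaintext)"))
    feature("screenshot_flag", "timed screenshots",
            win_path(cfg["screenshot_path"], cfg["screenshot_folder"]),
            f"interval {cfg['screenshot_time']}")
    titles = [t for t in cfg["take_screenshot_title"].split(";") if t]
    feature("take_screenshot_option", "window-title screenshots",
            *(f"title contains: {t}" for t in titles))
    out["on_command"]["audio"] = win_path(cfg["audio_path"], cfg["audio_folder"])
    return out


CFG = parse_flat_config(REMCOS_CONFIG_TEXT)
ARTIFACTS = expected_artifacts(CFG, REMCOS_C2)

if __name__ == "__main__":
    print("mutex:", ARTIFACTS["mutex"], "| c2:", ARTIFACTS["c2"])
    for bucket in ("active", "disabled", "on_command"):
        print(bucket, ARTIFACTS[bucket])
```

For this sample the "active" bucket comes out empty: everything a file- or registry-based hunt would normally key on sits in "disabled", which is why the mutex and the C2 address are the indicators to pivot on.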
Targets

Target: 2f14fefdd76197ec0b0eed44f534230e1e2b39d655edf87dd8571ceb966bb281
  Size:   199KB
  MD5:    9915622262b1663ae9f851f664854000
  SHA1:   da9ae0706648eb10e1f5fbec1060f3eea8588ec6
  SHA256: 2f14fefdd76197ec0b0eed44f534230e1e2b39d655edf87dd8571ceb966bb281
  SHA512: d4a5583f1a531a292aece6f27f41b1abd37a31500f5def1459b5e801816bfddd1b1e6aea38f4682dd21a0e5e2ab17149d15b07242bd65fb8a6147e5247e5e61d
  SSDEEP: 3072:5NRCywDw1DiJkuQbojv4YQ/6Jfd9cV44zo7dkH6ChVLOWV49p6vfE2JvAEVXUOQn:5T4Dt+AxQnpe6HrLObovfTNAE2Ar+e2
  Score:  10/10
  Signatures:
  - Remcos family
  - Loads dropped DLL
  - Suspicious use of SetThreadContext

Target: $PLUGINSDIR/InstallOptions.dll
  Size:   15KB
  MD5:    0a9fb96a7579b685ec36b17fc354e6a3
  SHA1:   355754104dd47d5fcf8918dee0dc2e2ee53390a6
  SHA256: b34fb342f21d690aac024b6f48a597e78d15791ef480ac55159cd585d0f64af7
  SHA512: 67870206fa7f1e7df45c8c1bc2f51fb430f0a048a2bdb55a4a41525388ca3b50203784537f139169705a03db4bb13b591162a79a5d2df81a4d11fd849615c86b
  SSDEEP: 384:EFC43tPegZ3eBaRwCPOYY7nNYXCg/Yosa:EMTgZ3eBTCmrnNAo
  Score:  3/10
  Signatures: none listed

Target: $PLUGINSDIR/System.dll
  Size:   12KB
  MD5:    564bb0373067e1785cba7e4c24aab4bf
  SHA1:   7c9416a01d821b10b2eef97b80899d24014d6fc1
  SHA256: 7a9ddee34562cd3703f1502b5c70e99cd5bba15de2b6845a3555033d7f6cb2a5
  SHA512: 22c61a323cb9293d7ec5c7e7e60674d0e2f7b29d55be25eb3c128ea2cd7440a1400cee17c43896b996278007c0d247f331a9b8964e3a40a0eb1404a9596c4472
  SSDEEP: 192:nenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XBDIwL:n8+Qlt70Fj/lQRY/9VjjfL
  Score:  3/10
  Signatures: none listed

Target: $PLUGINSDIR/gb7ir8nsaimu39b.dll
  Size:   149KB
  MD5:    0c44ee25d7c510783d118d3f76d88b3b
  SHA1:   ff537d185513d1a2daf91ca5679c79f3c8346e9a
  SHA256: 0b54c2abb6bee336adc1866f128591a6e0d5fa0f90333f6a6b57205b41196e20
  SHA512: a13490eb75a842e15ae33cb167209e76dbfb7b1fe96530ca3bd41ff2a4318717b53a5e44bb1f0f2523f38888e142061019082ffb11bc633953a773b25e2fc587
  SSDEEP: 3072:zakbhW2I5O+aiKzEV6o7dkH6ChVLOSV49p6vfESJvAEVXUOQn3r+e2:zjbM2SwbUJ6HrLOHovfFNAE23r+e2
  Score:  10/10
  Signatures:
  - Remcos family
  - Blocklisted process makes network request
  - Suspicious use of SetThreadContext
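The SSDEEP values above are only comparable under ssdeep's own rules: two signatures are scored at all only when their block sizes are equal or differ by exactly a factor of two, and only when the chunks being compared share a run of at least 7 characters (ssdeep's rolling-hash window). The installer (3072:5NRCy...) and $PLUGINSDIR/gb7ir8nsaimu39b.dll (3072:zakbh...) visibly share the run o7dkH6ChVLO, which is what a fuzzy-hash match between an NSIS installer and a plugin it carries looks like when the plugin bytes sit in the installer largely verbatim; $PLUGINSDIR/InstallOptions.dll (block size 384) and $PLUGINSDIR/System.dll (block size 192) cannot be scored against the installer at all. The script below is an added example, not part of the Triage report: it parses the report's three relevant signatures and applies those two gates. It does not reimplement the edit-distance score itself, for which the ssdeep library should be used.

```python
"""Check whether two ssdeep signatures would even be scored by ssdeep.

Added example, not part of the Triage report. The signatures are copied
from the report; the two gating rules are ssdeep's own (block sizes must
be equal or differ by exactly 2x, and the chunks compared must share a
run of at least ROLLING_WINDOW characters). The full edit-distance score
is deliberately not reimplemented here.
"""
from __future__ import annotations

ROLLING_WINDOW = 7  # ssdeep's rolling-hash window; also its minimum common run

# Signatures from the report
INSTALLER_EXE = ("3072:5NRCywDw1DiJkuQbojv4YQ/6Jfd9cV44zo7dkH6ChVLOWV49p6vfE2JvAEVXUOQn"
                 ":5T4Dt+AxQnpe6HrLObovfTNAE2Ar+e2")
REMCOS_DLL = ("3072:zakbhW2I5O+aiKzEV6o7dkH6ChVLOSV49p6vfESJvAEVXUOQn3r+e2"
              ":zjbM2SwbUJ6HrLOHovfFNAE23r+e2")
INSTALLOPTIONS_DLL = "384:EFC43tPegZ3eBaRwCPOYY7nNYXCg/Yosa:EMTgZ3eBTCmrnNAo"


def parse_ssdeep(sig: str) -> tuple[int, str, str]:
    """Split 'blocksize:chunk:double_chunk[,"filename"]' into its three parts."""
    block_size, chunk, double_chunk = sig.split(",", 1)[0].split(":", 2)
    return int(block_size), chunk, double_chunk


def longest_common_run(a: str, b: str) -> str:
    """Longest common substring by dynamic programming (chunks are <= 64 chars)."""
    best_len, best_end = 0, 0
    prev = [0] * (len(b) + 1)
    for i, ca in enumerate(a, 1):
        cur = [0] * (len(b) + 1)
        for j, cb in enumerate(b, 1):
            if ca == cb:
                cur[j] = prev[j - 1] + 1
                if cur[j] > best_len:
                    best_len, best_end = cur[j], i
        prev = cur
    return a[best_end - best_len:best_end]


def comparable_chunks(sig_a: str, sig_b: str) -> list[dict]:
    """Return the chunk pairs ssdeep would score, each with its longest common run.

    An empty list means the block sizes are incompatible and ssdeep returns 0
    without looking at the chunks. "scoreable" is False when the common run is
    shorter than ROLLING_WINDOW, which also makes ssdeep return 0 for that pair.
    """
    bs_a, a1, a2 = parse_ssdeep(sig_a)
    bs_b, b1, b2 = parse_ssdeep(sig_b)
    if bs_a == bs_b:
        pairs = [(bs_a, a1, b1), (bs_a * 2, a2, b2)]
    elif bs_a == 2 * bs_b:
        pairs = [(bs_a, a1, b2)]
    elif bs_b == 2 * bs_a:
        pairs = [(bs_b, a2, b1)]
    else:
        return []
    results = []
    for block_size, x, y in pairs:
        run = longest_common_run(x, y)
        results.append({"block_size": block_size, "common_run": run,
                        "scoreable": len(run) >= ROLLING_WINDOW})
    return results


if __name__ == "__main__":
    for label, other in (("gb7ir8nsaimu39b.dll", REMCOS_DLL),
                         ("InstallOptions.dll", INSTALLOPTIONS_DLL)):
        print(label, comparable_chunks(INSTALLER_EXE, other) or "block sizes incompatible")
```

The installer and the Remcos DLL pass both gates on their block-size-3072 chunks (common run o7dkH6ChVLO, 11 characters) but not on the 6144 chunks, so only the first pair contributes to the ssdeep score; the InstallOptions.dll signature is never compared against the installer because 384 and 3072 differ by a factor of 8.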