Overview

overview

10

Static

static

10

32d8c2a1bb...53.exe

macos-10.15-amd64

4

Resubmissions

11-01-2025 19:31

250111-x8ghksxjfw 10

11-01-2025 19:28

250111-x6tecsxjds 10

11-01-2025 19:27

250111-x58gwszjbn 10

11-01-2025 19:25

250111-x43v1swrhz 10

11-01-2025 19:22

250111-x272ysyrcl 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    32d8c2a1bb4d5a515d9eb36c1286b0ac08624c8ea3df0e97f12391558ce81153.zip

  • Size

    259KB

  • Sample

    250111-x43v1swrhz

  • MD5

    5a2a602b512859b2fcd5a200b5a4fea2

  • SHA1

    eb19baacf4231c4c75c2dd9a9cb620a9b40f4c97

  • SHA256

    de405e80d59503bf1ac724e65aea61f0c6849311338fa120c9a01354228d0ef9

  • SHA512

    3682cb064e0705ae80e2a8c86937f47271368aa3f79151908771212bc29dcaeae4035545e6b21d5f402c60e05b00ddd30ebc8e71498d207cc8fabf0556689845

  • SSDEEP

    6144:w6dYAV0Ut3QtBpXjXq2O/KM1fgyY8niM/a00iBrZIVjmRhaiMTYXZ:XQuQRrnfM1087y00iB2VjSHyYJ

Score
10/10
remcospaydaytryevasionexecutionmacos

Malware Config

Extracted

Family

remcos

Botnet

paydaytry

C2

198.50.242.157:443

apleegodfivem.ddns.net:443
Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    GoogleUpdate.exe

  • copy_folder

    GoogleDat

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    true

  • install_flag

    true

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    bootdata

  • mouse_option

    false

  • mutex

    Attempt-S4A0CI

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • startup_value

    ChromeUpdater

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Targets

    • Target

      32d8c2a1bb4d5a515d9eb36c1286b0ac08624c8ea3df0e97f12391558ce81153.exe

    • Size

      469KB

    • MD5

      991e707e324731f86a43900e34070808

    • SHA1

      5b5afd8cecb865de3341510f38d217f47490eead

    • SHA256

      32d8c2a1bb4d5a515d9eb36c1286b0ac08624c8ea3df0e97f12391558ce81153

    • SHA512

      07411dffbc6beff08a901afa8db3af4bc7d214407f7b20a8570e16b3900f512ad8ee2d04e31bb9d870585b9825e9102078f6c40eb6df292f09fffe57eea37f79

    • SSDEEP

      12288:wmnk7iLJbpIpiRL6I2WhSKQ9ZsfZQScn9:wiLJbpI7I2WhQqZ7c9

    Score
    4/10
    evasionexecution
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks