Overview

overview

10

Static

static

10

25_CLARA_W...-f.zip

windows7-x64

1

25_CLARA_W...-f.zip

windows10-2004-x64

1

25' W-2 10...df.exe

windows7-x64

10

25' W-2 10...df.exe

windows10-2004-x64

10

Z-Tx CLARA

windows7-x64

1

Z-Tx CLARA

windows10-2004-x64

1

msimg32.dll

windows7-x64

3

msimg32.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    25_CLARA_W-2_1040_Release_6571pd-f.zip

  • Size

    148.8MB

  • Sample

    250205-zr9h5stqbn

  • MD5

    82ec0704657314045337f22b50eda830

  • SHA1

    faf0c930e48ff23dd8f59a666252acdfde9ede3c

  • SHA256

    2481442ea290e278bc156a0117e45998268db4cebca8e15e16537d3f76922ea5

  • SHA512

    9ad710058367d317615fbefccb92c722efbebbe38175b87d1e5c688d13db10282e20b6381801c62253fa1044dc9742f8ed75c29dfa95a517519738951e593857

  • SSDEEP

    3145728:UslrWYAsa9Bk44cjxDy5t2lFs9asQwiULa6Th8WKRWmU+HgXaRpS77://AhBk4XxDTsov6acK4+gXa7O

Score
10/10
privateloaderremcosremotehostdiscoverypersistencerat

Malware Config

Extracted

Family

remcos

Botnet

RemoteHost

C2

privmerkt.com:4728

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    Rmc-7YW88I

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Targets

    • Target

      25_CLARA_W-2_1040_Release_6571pd-f.zip

    • Size

      148.8MB

    • MD5

      82ec0704657314045337f22b50eda830

    • SHA1

      faf0c930e48ff23dd8f59a666252acdfde9ede3c

    • SHA256

      2481442ea290e278bc156a0117e45998268db4cebca8e15e16537d3f76922ea5

    • SHA512

      9ad710058367d317615fbefccb92c722efbebbe38175b87d1e5c688d13db10282e20b6381801c62253fa1044dc9742f8ed75c29dfa95a517519738951e593857

    • SSDEEP

      3145728:UslrWYAsa9Bk44cjxDy5t2lFs9asQwiULa6Th8WKRWmU+HgXaRpS77://AhBk4XxDTsov6acK4+gXa7O

    Score
    1/10
    behavioral1behavioral2

    • Target

      25' W-2 1040 CLARAS.pdf.exe

    • Size

      6.1MB

    • MD5

      4864a55cff27f686023456a22371e790

    • SHA1

      6ed30c0371fe167d38411bfa6d720fcdcacc4f4c

    • SHA256

      08c7fb6067acc8ac207d28ab616c9ea5bc0d394956455d6a3eecb73f8010f7a2

    • SHA512

      4bd3a16435cca6ce7a7aa829eb967619a8b7c02598474e634442cffc55935870d54d844a04496bf9c7e8c29c40fae59ac6eb39c8550c091d06a28211491d0bfb

    • SSDEEP

      98304:VZQIM+/nv/CDoAkYwpAa5ge1zZ/jtdZwUkQ:bJCKlA2VKUz

    Score
    10/10
    remcosremotehostdiscoverypersistencerat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Remcos family

      remcos

    • Adds Run key to start application

      persistence
    behavioral3behavioral4

    • Target

      Z-Tx CLARA

    • Size

      124.0MB

    • MD5

      f18e35263cbf7a85630459513c59b4a5

    • SHA1

      a096a38b9280a5b04970206ea94b35489c6043ea

    • SHA256

      a5195710f98f29e9fe211e84faa91b8dee5f241901679fda0a00745c19d4fb3c

    • SHA512

      e2fcfd399b27a964fd863d1471d3932266af712f5ce132e3df972543485ef737c648518ddac92d11957f6bbcab70c681f90e2453a73652a4a98b51a74e40ad20

    • SSDEEP

      3145728:h6LvSO+qkfRcSIGFLjoPj61For+im2SU9ucfNuw8fkK:uf+pRcS3LjtoKz+uy8MK

    Score
    1/10
    behavioral5behavioral6

    • Target

      msimg32.dll

    • Size

      50.5MB

    • MD5

      a7e4adcc9bfa2a5d0c9d94b999524c37

    • SHA1

      dc0ad3d1516dc38d6dcfaee56877aac8eb4ce3e3

    • SHA256

      9e210eecf0e724e3f27f3d9f9bdecc33096ea36f5ca3cd535c2ff7db50eebe0e

    • SHA512

      0084bcd5b4eafa34180de6cc7c26e4c8c319361611a2464d85ed97120d19258f54d9a0b39ada07eebe8637d26ff66242bd3905b2f56865be281938908f943b34

    • SSDEEP

      1572864:CJboGTrGir0AmTN5bcLnOUI4xHUE8JBQIW8J/jNDU:ChoQTaBAYU

    Score
    3/10
    discovery
    behavioral7behavioral8

MITRE ATT&CK Enterprise v15

Tasks