Overview

overview

10

Static

static

10

25_W-2_104...71.zip

windows7-x64

1

25_W-2_104...71.zip

windows10-2004-x64

1

25' W-2 10...df.exe

windows7-x64

10

25' W-2 10...df.exe

windows10-2004-x64

10

YTx CLARA W-2

windows7-x64

1

YTx CLARA W-2

windows10-2004-x64

1

msimg32.dll

windows7-x64

3

msimg32.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    25_W-2_1040_CLARA.pd-f_Release_6571.zip

  • Size

    167.8MB

  • Sample

    250206-x16gqswldp

  • MD5

    d582cacecba5c76601371c032b969974

  • SHA1

    6a264919104e8682952a0578e34a3ab76c9a2913

  • SHA256

    259d5f3084e06b0e59cf9bf0b37f0e19d334fdfea48dd851ef6bc3a101193927

  • SHA512

    5763477acb1a506d8423e3900877e2f881cc84e2e9aeb96ba07b1c65dab9cb601812efe281ab0cd67d2966d974fe897d5a0fca7d6aeb5c1a1e76db5d1dfe0684

  • SSDEEP

    3145728:QU+HgXaRpS7bu6S8adWx6wm/IA1wT830go1tO8ilIXGPu6HyUzwBz:UgXa7yjadWcwKR1wT830go7O8iVPwd

Score
10/10
privateloaderremcosremotehostdiscoverypersistencerat

Malware Config

Extracted

Family

remcos

Botnet

RemoteHost

C2

privmerkt.com:4728

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    Rmc-7YW88I

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Targets

    • Target

      25_W-2_1040_CLARA.pd-f_Release_6571.zip

    • Size

      167.8MB

    • MD5

      d582cacecba5c76601371c032b969974

    • SHA1

      6a264919104e8682952a0578e34a3ab76c9a2913

    • SHA256

      259d5f3084e06b0e59cf9bf0b37f0e19d334fdfea48dd851ef6bc3a101193927

    • SHA512

      5763477acb1a506d8423e3900877e2f881cc84e2e9aeb96ba07b1c65dab9cb601812efe281ab0cd67d2966d974fe897d5a0fca7d6aeb5c1a1e76db5d1dfe0684

    • SSDEEP

      3145728:QU+HgXaRpS7bu6S8adWx6wm/IA1wT830go1tO8ilIXGPu6HyUzwBz:UgXa7yjadWcwKR1wT830go7O8iVPwd

    Score
    1/10
    behavioral1behavioral2

    • Target

      25' W-2 1040 CLARAS.pdf.exe

    • Size

      6.1MB

    • MD5

      4864a55cff27f686023456a22371e790

    • SHA1

      6ed30c0371fe167d38411bfa6d720fcdcacc4f4c

    • SHA256

      08c7fb6067acc8ac207d28ab616c9ea5bc0d394956455d6a3eecb73f8010f7a2

    • SHA512

      4bd3a16435cca6ce7a7aa829eb967619a8b7c02598474e634442cffc55935870d54d844a04496bf9c7e8c29c40fae59ac6eb39c8550c091d06a28211491d0bfb

    • SSDEEP

      98304:VZQIM+/nv/CDoAkYwpAa5ge1zZ/jtdZwUkQ:bJCKlA2VKUz

    Score
    10/10
    remcosremotehostdiscoverypersistencerat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Remcos family

      remcos

    • Adds Run key to start application

      persistence
    behavioral3behavioral4

    • Target

      YTx CLARA W-2

    • Size

      143.0MB

    • MD5

      5869a9172f527e899f6c625fad7ab575

    • SHA1

      96d4cadff23c160616d441281872c96b3b73fca9

    • SHA256

      793843a43902070dd005882467ead605fe7a61c6bb8bea643b83b96498df0bd4

    • SHA512

      7fdc3cbeaceecac357322de80a39f19a9bf6ae44e7293781251bdf33f4298ded1b9d7422e3a6b6fdb23868d33e0657860e26dcdf095ebd2d1eb44bcb02388bc7

    • SSDEEP

      3145728:92cys87qDYOYfOMHQjUpWM6h1gEM7e7cTgo3aOJuFf:9h87qsOwhHQjUpWM6LgEM5T49

    Score
    1/10
    behavioral5behavioral6

    • Target

      msimg32.dll

    • Size

      50.5MB

    • MD5

      a7e4adcc9bfa2a5d0c9d94b999524c37

    • SHA1

      dc0ad3d1516dc38d6dcfaee56877aac8eb4ce3e3

    • SHA256

      9e210eecf0e724e3f27f3d9f9bdecc33096ea36f5ca3cd535c2ff7db50eebe0e

    • SHA512

      0084bcd5b4eafa34180de6cc7c26e4c8c319361611a2464d85ed97120d19258f54d9a0b39ada07eebe8637d26ff66242bd3905b2f56865be281938908f943b34

    • SSDEEP

      1572864:CJboGTrGir0AmTN5bcLnOUI4xHUE8JBQIW8J/jNDU:ChoQTaBAYU

    Score
    3/10
    discovery
    behavioral7behavioral8

MITRE ATT&CK Enterprise v15

Tasks