Overview

overview

10

Static

static

3

Remcos Pro...22.exe

windows10-2004-x64

10

Remcos Pro...22.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Remcos Professional Cracked By Alcatraz3222.exe

  • Size

    17.7MB

  • Sample

    240701-v6ng1a1ajc

  • MD5

    6e666074d66b2f28bf4b761cebf21a82

  • SHA1

    79023d7fccda2e7c6fdee339a6fa3d467c120ee6

  • SHA256

    774cac1c07b72d4a0a97f4885156788e5bcb76888e99b4271c3d25fb61a92518

  • SHA512

    be8cf140dbc41cf7653b5705b0e0ec4e66be3c12afad2e21e15e29401bf1e98b301191a68c3bf6dd3309161a98f0945ba3e8bf546dbd18db1b82640272ef6795

  • SSDEEP

    393216:aYuGvV8EHb+in8f4Zg41+Q4AXf5ZZcyfHDMxVpSc+q+eOFxdx:zKqSi8fN4sAXfrZcyfo7p0eYHx

Score
10/10
njrathackedevasionpersistenceprivilege_escalationtrojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

C2

dllsys.duckdns.org:3202

Mutex

3b570ffeeb3d34249b9a5ce0ee58a328

Attributes
  • reg_key

    3b570ffeeb3d34249b9a5ce0ee58a328

  • splitter

    svchost

Targets

    • Target

      Remcos Professional Cracked By Alcatraz3222.exe

    • Size

      17.7MB

    • MD5

      6e666074d66b2f28bf4b761cebf21a82

    • SHA1

      79023d7fccda2e7c6fdee339a6fa3d467c120ee6

    • SHA256

      774cac1c07b72d4a0a97f4885156788e5bcb76888e99b4271c3d25fb61a92518

    • SHA512

      be8cf140dbc41cf7653b5705b0e0ec4e66be3c12afad2e21e15e29401bf1e98b301191a68c3bf6dd3309161a98f0945ba3e8bf546dbd18db1b82640272ef6795

    • SSDEEP

      393216:aYuGvV8EHb+in8f4Zg41+Q4AXf5ZZcyfHDMxVpSc+q+eOFxdx:zKqSi8fN4sAXfrZcyfo7p0eYHx

    Score
    10/10
    njrathackedevasionpersistenceprivilege_escalationtrojan

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks