Spreadsheet-for-samples-using-HeartCrypt.csv
SHA256 Hash,XOR Keys,Campaign Date,Payload Family,Extracted Config,Extracted C2 info,Payload Campaign designator,Payload Mutex
000d7d9f98d3040f2e366febd8f5c58a3335038982290ae333907890fe699e72,MENOLOVECROWDSTRIKE,8/2/2024,LummaStealer,"{""c2"": [""benchillppwo[.]shop"", ""publicitttyps[.]shop"", ""answerrsdo[.]shop"", ""radiationnopp[.]shop"", ""affecthorsedpo[.]shop"", ""bargainnykwo[.]shop"", ""bannngwko[.]shop"", ""bouncedgowp[.]shop"", ""ghostwritexmskz[.]shop""], ""port"": [], ""campaign"": ""JangOo--"", ""mutex"": """", ""non_standard"": {}}","benchillppwo[.]shop,publicitttyps[.]shop,answerrsdo[.]shop,radiationnopp[.]shop,affecthorsedpo[.]shop,bargainnykwo[.]shop,bannngwko[.]shop,bouncedgowp[.]shop,ghostwritexmskz[.]shop",JangOo--,
001212590d5c2fd2fb18dc4366d526051dfafad2e655b909db30496673441e31,gasgff34534c,4/19/2024,HeartCrypt Developer Test Sample,NONE,,,
00611bc2d5471b2c967ab91ca75a58070c5ddf1a2a18b0cb9988cd447c1e9fd0,gasgff34534c,4/2/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""reverseproxy.con-ip[.]com""], ""port"": [""4000""], ""campaign"": ""ABRIL - 01 - 2024"", ""mutex"": ""DcRatMutex_qwqdanchun"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""cHdnRXdxUWRsNmF2THF6TXo5bGxLTjljSXZXd1p5Rkc="", ""MTX"": ""DcRatMutex_qwqdanchun"", ""Certifi_cate"": ""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"", ""Server_signa_ture"": ""IEVMW41ayuGIRFVRYn+InTM/ZqSgY1zDnuT0m4hBrxUJTKQWEVuqg1JJ7NeQxqDL4g+PWhzGBup2GSlN+FCmayPaBKUlbHJTh0wwhaYR3325/IQbqn/akWHnDiWvNA7M4zivPgPNiUDChv3gU7ayz/0qeeLRx+GRQRElv71q2cw="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""ABRIL - 01 - 2024"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",reverseproxy.con-ip[.]com,ABRIL - 01 - 2024,DcRatMutex_qwqdanchun
007a98a9dac8ccc34d6fb4ee6cf34188dc6c0bae0fc507115e64b19518b72e50,bbbbb5,1/27/2024,HeartCrypt Developer Test Sample,NONE,,,
01568de8658e767ee3669e2f5550bec292f1251ca82d20f550c7cf971b483f7a,SUCKTHEFTUBCEGTOOTE,9/8/2024,LummaStealer,"{""c2"": [""commisionipwn[.]shop"", ""stitchmiscpaew[.]shop"", ""ignoracndwko[.]shop"", ""grassemenwji[.]shop"", ""charistmatwio[.]shop"", ""basedsymsotp[.]shop"", ""complainnykso[.]shop"", ""preachstrwnwjw[.]shop"", ""obstacleosdsapq[.]shop""], ""port"": [], ""campaign"": ""JangOo--"", ""mutex"": """", ""non_standard"": {}}","commisionipwn[.]shop,stitchmiscpaew[.]shop,ignoracndwko[.]shop,grassemenwji[.]shop,charistmatwio[.]shop,basedsymsotp[.]shop,complainnykso[.]shop,preachstrwnwjw[.]shop,obstacleosdsapq[.]shop",JangOo--,
01672add57d9e53c782996fb0b64de8ff3646e8f1928a8cf6cb8d0447a8e75d4,ACXNSGNADS,6/27/2024,Remcos,"{""c2"": [""genesisloperalora09.con-ip[.]com:1880""], ""port"": [], ""campaign"": ""JUNIO"", ""mutex"": ""Rmc-AO9BLD"", ""non_standard"": {""c2_list"": ""genesisloperalora09.con-ip[.]com:1880:1\u001e"", ""botnet"": ""JUNIO"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-AO9BLD"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""registros[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Capturas de pantalla"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""0E470DBC439D9E4DD2D21356C7BB2FF1"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIIBADCBpqADAgECAhA/bK072R8ULSeOSr5wUkeEMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABA6VI2iU8kQnjaxGQYZ1oOLiaXXpoQjtj7hJtuy1r3G/TBrRcCL/wyrO0LmSJpiu7EB437pCrDvLOwjUeG7tMkYwCgYIKoZIzj0EAwIDSQAwRgIhAOSn37JeyD+DIWNHGE1xcYdm1RrQ8TT8hiLd9UIfm9uuAiEA7GC6L19W5lN5cfD3Rh2Ior++WuiLxQwnvw7H9AP/egA="", ""tls_key"": ""MHcCAQEEIJG09kVEQDINj8+wjHIe85JcOXQro5U9++N24NOCtOYMoAoGCCqGSM49AwEHoUQDQgAEDpUjaJTyRCeNrEZBhnWg4uJpdemhCO2PuEm27LWvcb9MGtFwIv/DKs7QuZImmK7sQHjfukKsO8s7CNR4bu0yRg=="", ""tls_raw_peer_certificate"": ""MIH/MIGmoAMCAQICED1NkqG7jUVs6UE+9lfC9FgwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECd6OUnfQld2gC9x8EQRhtR8SxJVg8oG9XKYRGj3Bl2o3nxXg5UX+DJrxL2ck0tBmDDoUhbl6AoiS4LqLq0jehDAKBggqhkjOPQQDAgNIADBFAiBPs4LgiRbRQ2McVsYAzfd/Q/h5nMAd2ZznwiDFiFSGBQIhANcDTxlBaY+lmnofU7TMD8RRqIs9H3Tqnu3QRNLrm6d0""}}",genesisloperalora09.con-ip[.]com:1880,JUNIO,Rmc-AO9BLD
01c43d621ea272c9838753ac6bda61b3aa466298c024d7c7335a0207f9004928,MTGNSGNADS,5/3/2024,HeartCrypt Developer Test Sample,NONE,,,
01fb6cd536cfadcb15f5a4b13de2d5605382db36d2b2bb6434b455f0d80fe0d4,gasgff34534c,5/20/2024,VenomRat,"{""c2"": [""5[.]253.84.218""], ""port"": [""8998""], ""campaign"": ""Default"", ""mutex"": ""vhpbpcebfqm"", ""non_standard"": {""Ver_sion"": ""Venom RAT + HVNC + Stealer + Grabber v6.0.3"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""ZXJaYXd2Vk9FMmJSdzRiYm1lbXJST1NEWHlIaURtMW0="", ""MTX"": ""vhpbpcebfqm"", ""Certifi_cate"": ""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"", ""Server_signa_ture"": ""UpVyV6eOBpZwM9ng8f4Q3cfip+m5xPGUGlCdBvYno1ZMeX+7OuI512h9DufGcaWONN5cu6QdEqbNXMTJ8KNMWNmzNHrrn9c8Fmcm1C7FykaVkzoZ1FMCJx52r6jWV/zmtKKfJD6n937dOSZ6XiyIWQwK9LP3w+5uFBt73ggtkyg="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""Default"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",5[.]253.84.218,Default,vhpbpcebfqm
02207bd351797f35a127b08d3efd6ef7f1335888fa3a3a22d21f9b8b10b41700,asrfde,1/7/2024,Remcos,"{""c2"": [""127[.]0.0.1:2404""], ""port"": [], ""campaign"": ""RemoteHost"", ""mutex"": ""Rmc-52SPIJ"", ""non_standard"": {""c2_list"": ""127[.]0.0.1:2404:1\u001e"", ""botnet"": ""RemoteHost"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-52SPIJ"", ""keylogger_mode"": 0, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 2, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": """", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICECyq0dC6qQr+Hv2V9QM3uqcwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdrdLQy42Mpn3IIYRJ2M3+yF21CLyLrOnzJYt9pkS9tD25/19cz99/hh6XbCh/X6lkduGZSLQOrKNIRElI58SZTAKBggqhkjOPQQDAgNIADBFAiEAsNMXIJvWxp997X+wkfoZ+aNRQ/F+y4UKwth7Vn9PPnsCIEy6sU5zohMDu7YRBxvrBk12twTKU7msOfRjcZPv8XLQ"", ""tls_key"": ""MHcCAQEEIPh5Cln/kkGKIQHHvBEywdytsvdqHkePDPk5Ud/t9sAJoAoGCCqGSM49AwEHoUQDQgAEdrdLQy42Mpn3IIYRJ2M3+yF21CLyLrOnzJYt9pkS9tD25/19cz99/hh6XbCh/X6lkduGZSLQOrKNIRElI58SZQ=="", ""tls_raw_peer_certificate"": ""MIH+MIGmoAMCAQICEG3vLiwgsA2EwhiaFtqI9IQwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwP4wsetvUB9BVeB5KGkhFjJJoBjHvOcr3civBrd7vSVCfdzC45I1JUkFbE/V0Cvr3Srw9Govd0OBlmaqWZM0ZjAKBggqhkjOPQQDAgNHADBEAiA+k1x/mgOuo3xlHJ81zNOx/7FqyAa+NzPTyQQOJVWDcAIgNOovDbZqGlCN19pFZjYwqJecVDlCfKe+1zDwKfkvYmw=""}}",127[.]0.0.1:2404,RemoteHost,Rmc-52SPIJ
02badfbfd5bc33379b2661689e5b7bd6914a971ed9d41e65be062c01f6e6b3f2,MTGNSGNADS,5/13/2024,ACRStealer,NONE,,,
03d2efb0706bab18e7b594b985f20bd316d9e074dc3906ebefe7ab4baffe5722,5dsadas435235bgdsgdfbvb3253453425345gfdsgfdgdf,3/9/2024,Amadey,"{""c2"": [], ""port"": [], ""campaign"": """", ""mutex"": """", ""non_standard"": {""key"": ""2cd47fa043c815e1a033c67832f3c6a5"", ""version"": ""4.18"", ""uri_path"": [""/j4Fvskd3/index[.]php""], ""plugins"": [""cred.dll""]}, ""Strings"": [""topgamecheats[.]dev"", ""/j4Fvskd3/index[.]php"", ""4.18"", ""S-%lu-"", ""%-lu"", ""-%lu"", ""154561dcbf"", ""Dctooux.exe"", ""SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce"", ""SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"", ""Startup"", ""cmd /C RMDIR /s/q "", ""SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"", ""rundll32 "", ""Programs"", ""SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders"", ""%USERPROFILE%"", ""\\App"", ""POST"", ""cred.dll|clip.dll|"", ""Main"", ""http://"", ""https://"", ""/Plugins/"", ""&unit="", ""shell32.dll"", ""kernel32.dll"", ""GetNativeSystemInfo"", ""ProgramData\\"", ""AVAST Software"", ""Avira"", ""Kaspersky Lab"", ""ESET"", ""Panda Security"", ""Doctor Web"", ""360TotalSecurity"", ""Bitdefender"", ""Norton"", ""Sophos"", ""Comodo"", ""WinDefender"", ""0123456789"", ""Content-Type: multipart/form-data; boundary=----"", ""------"", ""\r\nContent-Disposition: form-data; name=\""data\""; filename=\"""", ""\""\r\nContent-Type: application/octet-stream\r\n\r\n"", ""\r\n------"", ""--\r\n"", ""?scr=1"", "".jpg"", ""Content-Type: application/x-www-form-urlencoded"", ""SYSTEM\\CurrentControlSet\\Control\\ComputerName\\ComputerName"", ""ComputerName"", ""abcdefghijklmnopqrstuvwxyz0123456789-_"", ""-unicode-"", ""SYSTEM\\CurrentControlSet\\Control\\UnitedVideo\\CONTROL\\VIDEO\\"", ""SYSTEM\\ControlSet001\\Services\\BasicDisplay\\Video"", ""VideoID"", ""\\0000"", ""DefaultSettings[.]XResolution"", ""DefaultSettings[.]YResolution"", ""SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"", ""ProductName"", ""2019"", ""2022"", 
""2016"", ""CurrentBuild"", ""rundll32.exe"", ""\""taskkill /f /im \"""", ""\"" && timeout 1 && del "", ""&& Exit\"""", ""\"" && ren "", "" && "", ""Powershell.exe"", ""-executionpolicy remotesigned -File \"""", ""shutdown -s -t 0"", ""st=s"", ""random""]}",,,
0513a96a4f549212ad24a7ee47bf22018e6b3c097cca871138bdc7e4d05cee6c,EFF tcOtc,10/2/2024,HeartCrypt (Nested Payload),NONE,,,
0520a17e3d8e51c452f6a306e87bd11747f54061b550323aaa3effdcbc976ae3,gasgff34534c,3/27/2024,LummaStealer,"{""c2"": [""associationokeo[.]shop"", ""turkeyunlikelyofw[.]shop"", ""pooreveningfuseor[.]pw"", ""edurestunningcrackyow[.]fun"", ""detectordiscusser[.]shop"", ""relevantvoicelesskw[.]shop"", ""colorfulequalugliess[.]shop"", ""wisemassiveharmonious[.]shop"", ""wisemassiveharmonious[.]shop""], ""port"": [], ""campaign"": ""HTa5Zk--xinzhao"", ""mutex"": """", ""non_standard"": {}}","associationokeo[.]shop,turkeyunlikelyofw[.]shop,pooreveningfuseor[.]pw,edurestunningcrackyow[.]fun,detectordiscusser[.]shop,relevantvoicelesskw[.]shop,colorfulequalugliess[.]shop,wisemassiveharmonious[.]shop,wisemassiveharmonious[.]shop",HTa5Zk--xinzhao,
0537aa42d49f4582426dcac92368b7c61410f264f98ac92077356f609053f6b7,DSE222peSpe,10/20/2024,LummaStealer,"{""c2"": [""reinforcenh[.]shop"", ""stogeneratmns[.]shop"", ""fragnantbui[.]shop"", ""drawzhotdog[.]shop"", ""vozmeatillu[.]shop"", ""offensivedzvju[.]shop"", ""ghostreedmnu[.]shop"", ""gutterydhowi[.]shop"", ""highawaretemptersudwu[.]xyz""], ""port"": [], ""campaign"": ""HpOoIh--@hydroshot"", ""mutex"": """", ""non_standard"": {}}","reinforcenh[.]shop,stogeneratmns[.]shop,fragnantbui[.]shop,drawzhotdog[.]shop,vozmeatillu[.]shop,offensivedzvju[.]shop,ghostreedmnu[.]shop,gutterydhowi[.]shop,highawaretemptersudwu[.]xyz",HpOoIh--@hydroshot,
054b1c2a6511ab68ace708daa654ce41faa2d96319887e7f2d662d7afed77228,LStAFAGTUEACCCb,9/28/2024,LummaStealer,"{""c2"": [""delaylacedmn[.]site"", ""writekdmsnu[.]site"", ""agentyanlark[.]site"", ""bellykmrebk[.]site"", ""underlinemdsj[.]site"", ""commandejorsk[.]site"", ""possiwreeste[.]site"", ""famikyjdiag[.]site"", ""sippytryedkwn[.]shop""], ""port"": [], ""campaign"": ""YT6gHy--"", ""mutex"": """", ""non_standard"": {}}","delaylacedmn[.]site,writekdmsnu[.]site,agentyanlark[.]site,bellykmrebk[.]site,underlinemdsj[.]site,commandejorsk[.]site,possiwreeste[.]site,famikyjdiag[.]site,sippytryedkwn[.]shop",YT6gHy--,
05ae5ba43084943a2366f64d6ea6495a18cbf52738a6109de317e09629723783,,3/12/2024,Vidar,"{""c2"": [""hXXp://167[.]235.207.130""], ""port"": [], ""campaign"": ""a933350d1a85cf3797edd973ca74c44c"", ""mutex"": """", ""Strings"": [""GetProcAddress"", ""lstrcatA"", ""OpenEventA"", ""CloseHandle"", ""Sleep"", ""GetUserDefaultLangID"", ""VirtualAllocExNuma"", ""VirtualFree"", ""GetSystemInfo"", ""HeapAlloc"", ""GetComputerNameA"", ""lstrcpyA"", ""GetProcessHeap"", ""GetCurrentProcess"", ""lstrlenA"", ""ExitProcess"", ""GlobalMemoryStatusEx"", ""GetSystemTime"", ""SystemTimeToFileTime"", ""gdi32.dll"", ""user32.dll"", ""crypt32.dll"", ""ntdll.dll"", ""CreateDCA"", ""GetDeviceCaps"", ""ReleaseDC"", ""CryptStringToBinaryA"", ""sscanf"", ""HAL9TH"", ""JohnDoe"", ""DISPLAY"", ""%hu/%hu/%hu"", ""GetEnvironmentVariableA"", ""GetFileAttributesA"", ""GlobalLock"", ""GlobalSize"", ""CreateToolhelp32Snapshot"", ""IsWow64Process"", ""Process32Next"", ""GetLocalTime"", ""GetTimeZoneInformation"", ""GetSystemPowerStatus"", ""GetVolumeInformationA"", ""Process32First"", ""GetLocaleInfoA"", ""GetUserDefaultLocaleName"", ""GetModuleFileNameA"", ""FindNextFileA"", ""SetEnvironmentVariableA"", ""LocalAlloc"", ""GetFileSizeEx"", ""SetFilePointer"", ""FindFirstFileA"", ""VirtualProtect"", ""GetLogicalProcessorInformationEx"", ""GetLastError"", ""MultiByteToWideChar"", ""GlobalFree"", ""WideCharToMultiByte"", ""TerminateProcess"", ""GetCurrentProcessId"", ""rstrtmgr.dll"", ""CreateCompatibleBitmap"", ""SelectObject"", ""BitBlt"", ""DeleteObject"", ""CreateCompatibleDC"", ""GdipGetImageEncodersSize"", ""GdipGetImageEncoders"", ""GdipCreateBitmapFromHBITMAP"", ""GdiplusStartup"", ""GdiplusShutdown"", ""GdipSaveImageToStream"", ""GdipDisposeImage"", ""GetHGlobalFromStream"", ""CreateStreamOnHGlobal"", ""CoUninitialize"", ""CoInitialize"", ""CoCreateInstance"", ""BCryptGenerateSymmetricKey"", ""BCryptCloseAlgorithmProvider"", ""BCryptDecrypt"", ""BCryptSetProperty"", ""BCryptDestroyKey"", 
""BCryptOpenAlgorithmProvider"", ""GetWindowRect"", ""GetDesktopWindow"", ""GetDC"", ""EnumDisplayDevicesA"", ""GetKeyboardLayoutList"", ""CharToOemW"", ""RegQueryValueExA"", ""RegEnumKeyExA"", ""RegOpenKeyExA"", ""RegEnumValueA"", ""CryptBinaryToStringA"", ""CryptUnprotectData"", ""SHGetFolderPathA"", ""InternetOpenUrlA"", ""InternetConnectA"", ""InternetCloseHandle"", ""InternetOpenA"", ""HttpSendRequestA"", ""HttpOpenRequestA"", ""InternetReadFile"", ""InternetCrackUrlA"", ""StrStrA"", ""PathMatchSpecA"", ""GetModuleFileNameExA"", ""RmStartSession"", ""RmRegisterResources"", ""RmEndSession"", ""sqlite3_open"", ""sqlite3_prepare_v2"", ""sqlite3_step"", ""sqlite3_column_text"", ""sqlite3_finalize"", ""sqlite3_close"", ""sqlite3_column_bytes"", ""sqlite3_column_blob"", ""encrypted_key"", ""PATH"", ""C:\\ProgramData\\nss3.dll"", ""NSS_Shutdown"", ""PK11_GetInternalKeySlot"", ""PK11_FreeSlot"", ""PK11_Authenticate"", ""PK11SDR_Decrypt"", ""C:\\ProgramData\\"", ""SELECT origin_url, username_value, password_value FROM logins"", ""Soft: "", ""Host: "", ""Login: "", ""Password: "", ""Opera"", ""OperaGX"", ""Network"", ""Cookies"", "".txt"", ""TRUE"", ""FALSE"", ""SELECT name, value FROM autofill"", ""History"", ""SELECT url FROM urls LIMIT 1000"", ""CC"", ""SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards"", ""Name: "", ""Month: "", ""Year: "", ""Card: "", ""Cookies"", ""Login Data"", ""History"", ""formSubmitURL"", ""usernameField"", ""encryptedUsername"", ""encryptedPassword"", ""guid"", ""SELECT host, isHttpOnly, path, isSecure, expiry, name, value FROM moz_cookies"", ""SELECT fieldname, value FROM moz_formhistory"", ""SELECT url FROM moz_places LIMIT 1000"", ""cookies[.]sqlite"", ""formhistory[.]sqlite"", ""places[.]sqlite"", ""Plugins"", ""Local Extension Settings"", ""Sync Extension Settings"", ""Opera Stable"", ""Opera GX Stable"", ""CURRENT"", ""chrome-extension_"", ""_0.indexeddb[.]leveldb"", ""profiles[.]ini"", 
""chrome"", ""opera"", ""firefox"", ""Wallets"", ""%08lX%04lX%lu"", ""SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"", ""x64"", ""%d/%d/%d %d:%d:%d"", ""HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0"", ""ProcessorNameString"", ""SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"", ""DisplayVersion"", ""msvcp140.dll"", ""softokn3.dll"", ""vcruntime140.dll"", ""\\Temp\\"", "".exe"", ""runas"", ""open"", ""%LOCALAPPDATA%"", ""%USERPROFILE%"", ""%PROGRAMFILES%"", ""%PROGRAMFILES_86%"", ""*.lnk"", ""Files"", ""\\Local Storage\\leveldb\\CURRENT"", ""\\Local Storage\\leveldb"", ""\\Telegram Desktop\\"", ""D877F783D5D3EF8C*"", ""map*"", ""A7FDF864FBC10B77*"", ""A92DAA6EA6F891F2*"", ""F8806DD0C461824F*"", ""Tox"", ""*.tox"", ""*.ini"", ""Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Office\\13.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Office\\14.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Office\u000e.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676\\"", ""\\Outlook\\accounts[.]txt"", ""Pidgin"", ""accounts[.]xml"", ""token: "", ""Software\\Valve\\Steam"", ""ssfn*"", ""config[.]vdf"", ""DialogConfig[.]vdf"", ""DialogConfigOverlay*.vdf"", ""libraryfolders[.]vdf"", ""loginusers[.]vdf"", ""\\Steam\\"", ""\\Discord\\tokens[.]txt"", ""/c timeout /t 5 & del /f /q \"""", ""\"" & del \""C:\\ProgramData\\*.dll\""\"" & exit"", ""C:\\Windows\\system32\\cmd.exe"", ""Content-Type: multipart/form-data; boundary=----"", ""Content-Disposition: form-data; name=\"""", ""build"", ""token"", ""message"", ""ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"", ""screenshot[.]jpg"", ""\u0004\u00004\u0000 
\u0000e\u0000*\u0000\u001a\u0000S\u0000^\u0000A\u0000*\u0000\u001e\u0000+\u0000\f\u0000T\u00002\u0000i\u0000"", ""\u0004\u00004\u0000 \u0000e\u0000\u0007\u0000\u001d\u0000S\u0000Z\u0000L\u0000'\u0000\u000b\u0000!\u0000\f\u0000M\u0000$\u0000n\u0000""], ""non_standard"": {""dead_drop"": [""hXXps://steamcommunity[.]com/profiles/76561199651834633"", ""hXXps://t[.]me/raf6ik""], ""version"": ""8.2""}}",hXXp://167[.]235.207.130,a933350d1a85cf3797edd973ca74c44c,
05f459b6b4d24a6da05e1281d8eb3b66d0daec3a8f5a1c50ca17e9b82b9a5f4b,5dsadas435235bgdsgdfbvb3253453425345gfdsgfdgdf,3/12/2024,XenoRat,"{""c2"": ""127[.]0.0.1"", ""port"": 4444, ""campaign"": """", ""mutex"": ""Xeno_rat_nd8912d"", ""non_standard"": {""EncryptionKey"": ""A6xnQhbz4Vx2HuGl4lXwZ5U2I8iziLRFnhP5eNfIRvQ="", ""delay"": 5000, ""DoStartup"": 2222, ""Install_path"": ""temp"", ""startup_name"": ""nothingset""}}",127[.]0.0.1,,Xeno_rat_nd8912d
05f77810972591f88192833e3b3b8015584fb97c407ebc677d0dbd975cebea3e,LStAFAGTUEACCCb,10/16/2024,LummaStealer,"{""c2"": [""delaylacedmn[.]site"", ""writekdmsnu[.]site"", ""agentyanlark[.]site"", ""bellykmrebk[.]site"", ""underlinemdsj[.]site"", ""commandejorsk[.]site"", ""possiwreeste[.]site"", ""famikyjdiag[.]site"", ""sippytryedkwn[.]shop""], ""port"": [], ""campaign"": ""YT6gHy--"", ""mutex"": """", ""non_standard"": {}}","delaylacedmn[.]site,writekdmsnu[.]site,agentyanlark[.]site,bellykmrebk[.]site,underlinemdsj[.]site,commandejorsk[.]site,possiwreeste[.]site,famikyjdiag[.]site,sippytryedkwn[.]shop",YT6gHy--,
060d6f9c0505a7709281567b10bbc91256a073ecd4fef23e3de47f5ff7aa40de,Aug 11guAgu,9/3/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""dxpam.duckdns[.]org""], ""port"": [""5999""], ""campaign"": ""Default"", ""mutex"": ""DcRatMutex_qwqdanchun"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""anZMdEVsYU1yVHdNeFAxUFAzOFBTZk8xSURxbzRDUzU="", ""MTX"": ""DcRatMutex_qwqdanchun"", ""Certifi_cate"": ""MIICMDCCAZmgAwIBAgIVAIhNlmebb6nSe6ECHjMpYKJ1i7gvMA0GCSqGSIb3DQEBDQUAMGQxFTATBgNVBAMMDERjUmF0IFNlcnZlcjETMBEGA1UECwwKcXdxZGFuY2h1bjEcMBoGA1UECgwTRGNSYXQgQnkgcXdxZGFuY2h1bjELMAkGA1UEBwwCU0gxCzAJBgNVBAYTAkNOMB4XDTIxMDEyODA1MzU1N1oXDTMxMTEwNzA1MzU1N1owEDEOMAwGA1UEAwwFRGNSYXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALz18kcXxyYRNtzNciIOitqVEEKYOOJZOGjSaWOLKz3M/Df8QpKzt86Y+GK3639BYF/OzJ6i8PyJcI4jCe+L56ytnlJDfAYTzg7df+pvpE6bSgYYgBSEMcKBPrpx6bV5z/V8FOCVqlt9xfM47rHzIs6kOkc0Xu0TqFGxVfi3Koj/AgMBAAGjMjAwMB0GA1UdDgQWBBQOZShjgdZ92lUVGT5AalbF4rcBrDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4GBABuRWEmIgb/BjPElBrcq4LuUTHLBWgnJN3yXXtFA+Nl/+mYto5FZMUmzz3mbjKRHuzo79jdei4h1vSO9+2gTFWw1mY8HoeEoyL0YExBQMCoUPjpLJEuAydiWBMXXBmv0zPzE3W7zhG6DRe8pXQkZ2yu8c9G4KxXS1ITmSrlJqBQ6"", ""Server_signa_ture"": ""eROjiuz0PWs+xgxamB7sdm3kB9OKtq8I1pPHgtkdiF0h9pw4eJzyp0fCw7zAO7/Q6+ftDqxvY+0OnHCoiErkMARDy55VYX6/gB5S0xXaoVgAqsvboJJN7EtFrwNTMUTPnslStHIwjEI/4a7JpzD5BLO0KCD9qZ2yVxSo7MwJXPE="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""Default"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",dxpam.duckdns[.]org,Default,DcRatMutex_qwqdanchun
07177a2cc9ea981ef0d694eb9ef15516a9da72efa4a2f18cad65532fd4d1e190,43423fdasfdasfa32143242,3/18/2024,Vidar,"{""c2"": [""hXXp://167[.]235.207.130""], ""port"": [], ""campaign"": ""9e87ffa15d95120a3f4c94e945bf4479"", ""mutex"": """", ""Strings"": [""GetProcAddress"", ""lstrcatA"", ""OpenEventA"", ""CloseHandle"", ""Sleep"", ""GetUserDefaultLangID"", ""VirtualAllocExNuma"", ""VirtualFree"", ""GetSystemInfo"", ""HeapAlloc"", ""GetComputerNameA"", ""lstrcpyA"", ""GetProcessHeap"", ""GetCurrentProcess"", ""lstrlenA"", ""ExitProcess"", ""GlobalMemoryStatusEx"", ""GetSystemTime"", ""SystemTimeToFileTime"", ""gdi32.dll"", ""user32.dll"", ""crypt32.dll"", ""ntdll.dll"", ""CreateDCA"", ""GetDeviceCaps"", ""ReleaseDC"", ""CryptStringToBinaryA"", ""sscanf"", ""HAL9TH"", ""JohnDoe"", ""DISPLAY"", ""%hu/%hu/%hu"", ""GetEnvironmentVariableA"", ""GetFileAttributesA"", ""GlobalLock"", ""GlobalSize"", ""CreateToolhelp32Snapshot"", ""IsWow64Process"", ""Process32Next"", ""GetLocalTime"", ""GetTimeZoneInformation"", ""GetSystemPowerStatus"", ""GetVolumeInformationA"", ""Process32First"", ""GetLocaleInfoA"", ""GetUserDefaultLocaleName"", ""GetModuleFileNameA"", ""FindNextFileA"", ""SetEnvironmentVariableA"", ""LocalAlloc"", ""GetFileSizeEx"", ""SetFilePointer"", ""FindFirstFileA"", ""VirtualProtect"", ""GetLogicalProcessorInformationEx"", ""GetLastError"", ""MultiByteToWideChar"", ""GlobalFree"", ""WideCharToMultiByte"", ""TerminateProcess"", ""GetCurrentProcessId"", ""rstrtmgr.dll"", ""CreateCompatibleBitmap"", ""SelectObject"", ""BitBlt"", ""DeleteObject"", ""CreateCompatibleDC"", ""GdipGetImageEncodersSize"", ""GdipGetImageEncoders"", ""GdipCreateBitmapFromHBITMAP"", ""GdiplusStartup"", ""GdiplusShutdown"", ""GdipSaveImageToStream"", ""GdipDisposeImage"", ""GetHGlobalFromStream"", ""CreateStreamOnHGlobal"", ""CoUninitialize"", ""CoInitialize"", ""CoCreateInstance"", ""BCryptGenerateSymmetricKey"", ""BCryptCloseAlgorithmProvider"", ""BCryptDecrypt"", ""BCryptSetProperty"", 
""BCryptDestroyKey"", ""BCryptOpenAlgorithmProvider"", ""GetWindowRect"", ""GetDesktopWindow"", ""GetDC"", ""EnumDisplayDevicesA"", ""GetKeyboardLayoutList"", ""CharToOemW"", ""RegQueryValueExA"", ""RegEnumKeyExA"", ""RegOpenKeyExA"", ""RegEnumValueA"", ""CryptBinaryToStringA"", ""CryptUnprotectData"", ""SHGetFolderPathA"", ""InternetOpenUrlA"", ""InternetConnectA"", ""InternetCloseHandle"", ""InternetOpenA"", ""HttpSendRequestA"", ""HttpOpenRequestA"", ""InternetReadFile"", ""InternetCrackUrlA"", ""StrStrA"", ""PathMatchSpecA"", ""GetModuleFileNameExA"", ""RmStartSession"", ""RmRegisterResources"", ""RmEndSession"", ""sqlite3_open"", ""sqlite3_prepare_v2"", ""sqlite3_step"", ""sqlite3_column_text"", ""sqlite3_finalize"", ""sqlite3_close"", ""sqlite3_column_bytes"", ""sqlite3_column_blob"", ""encrypted_key"", ""PATH"", ""C:\\ProgramData\\nss3.dll"", ""NSS_Shutdown"", ""PK11_GetInternalKeySlot"", ""PK11_FreeSlot"", ""PK11_Authenticate"", ""PK11SDR_Decrypt"", ""C:\\ProgramData\\"", ""SELECT origin_url, username_value, password_value FROM logins"", ""Soft: "", ""Host: "", ""Login: "", ""Password: "", ""Opera"", ""OperaGX"", ""Network"", ""Cookies"", "".txt"", ""TRUE"", ""FALSE"", ""SELECT name, value FROM autofill"", ""History"", ""SELECT url FROM urls LIMIT 1000"", ""CC"", ""SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards"", ""Name: "", ""Month: "", ""Year: "", ""Card: "", ""Cookies"", ""Login Data"", ""History"", ""formSubmitURL"", ""usernameField"", ""encryptedUsername"", ""encryptedPassword"", ""guid"", ""SELECT host, isHttpOnly, path, isSecure, expiry, name, value FROM moz_cookies"", ""SELECT fieldname, value FROM moz_formhistory"", ""SELECT url FROM moz_places LIMIT 1000"", ""cookies[.]sqlite"", ""formhistory[.]sqlite"", ""places[.]sqlite"", ""Plugins"", ""Local Extension Settings"", ""Sync Extension Settings"", ""Opera Stable"", ""Opera GX Stable"", ""CURRENT"", ""chrome-extension_"", ""_0.indexeddb[.]leveldb"", 
""profiles[.]ini"", ""chrome"", ""opera"", ""firefox"", ""Wallets"", ""%08lX%04lX%lu"", ""SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"", ""x64"", ""%d/%d/%d %d:%d:%d"", ""HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0"", ""ProcessorNameString"", ""SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"", ""DisplayVersion"", ""msvcp140.dll"", ""softokn3.dll"", ""vcruntime140.dll"", ""\\Temp\\"", "".exe"", ""runas"", ""open"", ""%LOCALAPPDATA%"", ""%USERPROFILE%"", ""%PROGRAMFILES%"", ""%PROGRAMFILES_86%"", ""*.lnk"", ""Files"", ""\\Local Storage\\leveldb\\CURRENT"", ""\\Local Storage\\leveldb"", ""\\Telegram Desktop\\"", ""D877F783D5D3EF8C*"", ""map*"", ""A7FDF864FBC10B77*"", ""A92DAA6EA6F891F2*"", ""F8806DD0C461824F*"", ""Tox"", ""*.tox"", ""*.ini"", ""Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Office\\13.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Office\\14.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Office\u000e.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676\\"", ""\\Outlook\\accounts[.]txt"", ""Pidgin"", ""accounts[.]xml"", ""token: "", ""Software\\Valve\\Steam"", ""ssfn*"", ""config[.]vdf"", ""DialogConfig[.]vdf"", ""DialogConfigOverlay*.vdf"", ""libraryfolders[.]vdf"", ""loginusers[.]vdf"", ""\\Steam\\"", ""\\Discord\\tokens[.]txt"", ""/c timeout /t 5 & del /f /q \"""", ""\"" & del \""C:\\ProgramData\\*.dll\""\"" & exit"", ""C:\\Windows\\system32\\cmd.exe"", ""Content-Type: multipart/form-data; boundary=----"", ""Content-Disposition: form-data; name=\"""", ""build"", ""token"", ""message"", ""ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"", ""screenshot[.]jpg"", ""\u0004\u00004\u0000 
\u0000e\u0000*\u0000\u001a\u0000S\u0000^\u0000A\u0000*\u0000\u001e\u0000+\u0000\f\u0000T\u00002\u0000i\u0000"", ""\u0004\u00004\u0000 \u0000e\u0000\u0007\u0000\u001d\u0000S\u0000Z\u0000L\u0000'\u0000\u000b\u0000!\u0000\f\u0000M\u0000$\u0000n\u0000""], ""non_standard"": {""dead_drop"": [""hXXps://steamcommunity[.]com/profiles/76561199651834633"", ""hXXps://t[.]me/raf6ik""], ""version"": ""8.3""}}",hXXp://167[.]235.207.130,9e87ffa15d95120a3f4c94e945bf4479,
083be5f3ca7305f6a0f6a769483a48ba6098984b7192db9079839c3c90469d18,fuckSsentinc,10/11/2024,LummaStealer,"{""c2"": [""wickedneatr[.]sbs"", ""invinjurhey[.]sbs"", ""laddyirekyi[.]sbs"", ""exilepolsiy[.]sbs"", ""bemuzzeki[.]sbs"", ""exemplarou[.]sbs"", ""isoplethui[.]sbs"", ""frizzettei[.]sbs"", ""exilepolsiy[.]sbs""], ""port"": [], ""campaign"": ""tXk9hs--Linkedin"", ""mutex"": """", ""non_standard"": {}}","wickedneatr[.]sbs,invinjurhey[.]sbs,laddyirekyi[.]sbs,exilepolsiy[.]sbs,bemuzzeki[.]sbs,exemplarou[.]sbs,isoplethui[.]sbs,frizzettei[.]sbs,exilepolsiy[.]sbs",tXk9hs--Linkedin,
0848e727bba3960a0fbbdb403a4a8503658b872e621234b6999b14ff9eb855eb,5dsadas435235bgdsgdfbvb3253453425345gfdsgfdgdf,3/20/2024,PureCrypt Loader,NONE,,,
085a5ea0e085c1ec078df7771d6d4796a0d595b1c88d104568a37544c5bf4652,DOaEF1tcOtc,10/19/2024,XWorm,"{""c2"": [""putineveryone.ddns[.]net""], ""port"": [""7000""], ""campaign"": """", ""mutex"": ""qkdgL895kVfw28qj"", ""non_standard"": {""KEY"": ""<123456789>"", ""SPL"": ""<Xwormmm>"", ""Sleep"": ""3"", ""Groub"": ""Factura"", ""USBNM"": ""USB.exe"", ""mutex"": ""qkdgL895kVfw28qj""}}",putineveryone.ddns[.]net,,qkdgL895kVfw28qj
08b302febb6fee2f577bb42cc0dc2683bec71ce5e58a17587fa19e09692de5c1,MTGNSGNADS,6/13/2024,XWorm,"{""c2"": [""ergfdsvhiebviured.con-ip[.]com""], ""port"": [""7000""], ""campaign"": """", ""mutex"": ""tocJ8y9rGd4EJkzB"", ""non_standard"": {""KEY"": ""<123456789>"", ""SPL"": ""<Xwormmm>"", ""Sleep"": ""3"", ""Groub"": ""ARMENIA"", ""USBNM"": ""USB.exe"", ""mutex"": ""tocJ8y9rGd4EJkzB""}}",ergfdsvhiebviured.con-ip[.]com,,tocJ8y9rGd4EJkzB
0949ae633b8214009cb1c52d1bb2ea9f5066e90c0c285fcaf3844b0580e2f587,Sep222peSpe,10/14/2024,PureCrypt,NONE,,,
0965f85212e3c5fc2cd3e14499fd65b90c5aac7029a3d0afd61525284c5dc88f,MTGNSGNADS,5/13/2024,PureCrypt Loader,NONE,,,
391c15890e7db90a5ab7dbcd1d9d8050bb54584c3283232c9a3d6c299a8d0ef7,bb,1/27/2024,HeartCrypt (Nested Payload),NONE,,,
b19f406be8e31b70012e2256b375c5062181effcbae63c3b6021ea31eabecc0d,bb,1/27/2024,HeartCrypt (Nested Payload),NONE,,,
45dd5da0789b46e5a62749b0afb186191d5c2183cdabc8c58bb0ca036da735b6,bbbbb5,1/28/2024,HeartCrypt (Nested Payload),NONE,,,
0c04b6c3410b09724edb5f3ce6e8502ceeaa000475e7880bd255f3642decb890,bbbbb5,1/27/2024,HeartCrypt (Nested Payload),NONE,,,
356b236fe8d554369f76d635745d8ee5915bec76d07bf280460548cfd8b2da6d,bbbbb5,1/27/2024,HeartCrypt (Nested Payload),NONE,,,
41a98844ffcee16144b7d48961cb6573bfad86ebeccb5f231af5882e199774cc,bbbbb5,1/27/2024,HeartCrypt (Nested Payload),NONE,,,
87cb3e505b91088da96b2a66f717804140932581255d0a195f0df2ede2258e49,bbbbb5,1/27/2024,HeartCrypt (Nested Payload),NONE,,,
04e8b67bfbcc576c64439bb6c6e7ae2a767cfe71a120f148f9c738982577873e,bbbbb5,1/12/2024,HeartCrypt (Nested Payload),NONE,,,
099de377cdc27b701145d1ab34c71f5c63fe4511e3b3e74c0c4813a7e64c0f97,GGGSADEFFTL,7/19/2024,Rhadamanthys,NONE,,,
0a0dcf40a73e7f7a00a488367b7b0cadc4ff3ac7818cf22a46cd3e24ff5cf6e3,Aug111guAgu,8/17/2024,Vidar,"{""c2"": [""hXXps://195[.]201.118.191""], ""port"": [], ""campaign"": ""e4c95706ca9ca1f557526e6bb6442743"", ""mutex"": """", ""Strings"": [""INSERT_KEY_HERE"", ""GetProcAddress"", ""LoadLibraryA"", ""lstrcatA"", ""OpenEventA"", ""CreateEventA"", ""CloseHandle"", ""Sleep"", ""GetUserDefaultLangID"", ""VirtualAllocExNuma"", ""VirtualFree"", ""GetSystemInfo"", ""VirtualAlloc"", ""HeapAlloc"", ""GetComputerNameA"", ""lstrcpyA"", ""GetProcessHeap"", ""GetCurrentProcess"", ""lstrlenA"", ""ExitProcess"", ""GlobalMemoryStatusEx"", ""GetSystemTime"", ""SystemTimeToFileTime"", ""advapi32.dll"", ""gdi32.dll"", ""user32.dll"", ""crypt32.dll"", ""ntdll.dll"", ""GetUserNameA"", ""CreateDCA"", ""GetDeviceCaps"", ""CryptStringToBinaryA"", ""sscanf"", ""NtQueryInformationProcess"", ""VMwareVMware"", ""HAL9TH"", ""JohnDoe"", ""DISPLAY"", ""%hu/%hu/%hu"", ""GetEnvironmentVariableA"", ""GetFileAttributesA"", ""GlobalLock"", ""HeapFree"", ""GetFileSize"", ""GlobalSize"", ""CreateToolhelp32Snapshot"", ""IsWow64Process"", ""Process32Next"", ""GetLocalTime"", ""FreeLibrary"", ""GetTimeZoneInformation"", ""GetSystemPowerStatus"", ""GetVolumeInformationA"", ""GetWindowsDirectoryA"", ""Process32First"", ""GetLocaleInfoA"", ""GetUserDefaultLocaleName"", ""GetModuleFileNameA"", ""DeleteFileA"", ""FindNextFileA"", ""LocalFree"", ""FindClose"", ""SetEnvironmentVariableA"", ""LocalAlloc"", ""GetFileSizeEx"", ""ReadFile"", ""SetFilePointer"", ""WriteFile"", ""CreateFileA"", ""FindFirstFileA"", ""VirtualProtect"", ""GetLogicalProcessorInformationEx"", ""GetLastError"", ""lstrcpynA"", ""MultiByteToWideChar"", ""GlobalFree"", ""WideCharToMultiByte"", ""GlobalAlloc"", ""OpenProcess"", ""TerminateProcess"", ""GetCurrentProcessId"", ""gdiplus.dll"", ""ole32.dll"", ""bcrypt.dll"", ""wininet.dll"", ""shlwapi.dll"", ""shell32.dll"", ""psapi.dll"", ""rstrtmgr.dll"", ""CreateCompatibleBitmap"", ""SelectObject"", 
""BitBlt"", ""DeleteObject"", ""CreateCompatibleDC"", ""GdipGetImageEncodersSize"", ""GdipGetImageEncoders"", ""GdipCreateBitmapFromHBITMAP"", ""GdiplusStartup"", ""GdiplusShutdown"", ""GdipSaveImageToStream"", ""GdipDisposeImage"", ""GdipFree"", ""GetHGlobalFromStream"", ""CreateStreamOnHGlobal"", ""CoUninitialize"", ""CoInitialize"", ""CoCreateInstance"", ""BCryptGenerateSymmetricKey"", ""BCryptCloseAlgorithmProvider"", ""BCryptDecrypt"", ""BCryptSetProperty"", ""BCryptDestroyKey"", ""BCryptOpenAlgorithmProvider"", ""GetWindowRect"", ""GetDesktopWindow"", ""GetDC"", ""wsprintfA"", ""EnumDisplayDevicesA"", ""GetKeyboardLayoutList"", ""CharToOemW"", ""wsprintfW"", ""RegQueryValueExA"", ""RegEnumKeyExA"", ""RegOpenKeyExA"", ""RegCloseKey"", ""RegEnumValueA"", ""CryptBinaryToStringA"", ""CryptUnprotectData"", ""SHGetFolderPathA"", ""ShellExecuteExA"", ""InternetOpenUrlA"", ""InternetConnectA"", ""InternetCloseHandle"", ""InternetOpenA"", ""HttpSendRequestA"", ""HttpOpenRequestA"", ""InternetReadFile"", ""InternetCrackUrlA"", ""StrCmpCA"", ""StrStrA"", ""StrCmpCW"", ""PathMatchSpecA"", ""GetModuleFileNameExA"", ""RmStartSession"", ""RmRegisterResources"", ""RmGetList"", ""RmEndSession"", ""sqlite3_open"", ""sqlite3_prepare_v2"", ""sqlite3_step"", ""sqlite3_column_text"", ""sqlite3_finalize"", ""sqlite3_close"", ""sqlite3_column_bytes"", ""sqlite3_column_blob"", ""encrypted_key"", ""PATH"", ""C:\\ProgramData\\nss3.dll"", ""NSS_Init"", ""NSS_Shutdown"", ""PK11_GetInternalKeySlot"", ""PK11_FreeSlot"", ""PK11SDR_Decrypt"", ""C:\\ProgramData\\"", ""SELECT origin_url, username_value, password_value FROM logins"", ""Soft: "", ""profile: "", ""Host: "", ""Login: "", ""Password: "", ""Opera"", ""OperaGX"", ""Network"", ""Cookies"", "".txt"", ""SELECT HOST_KEY, is_httponly, path, is_secure, (expires_utc/1000000)-11644480800, name, encrypted_value from cookies"", ""TRUE"", ""FALSE"", ""Autofill"", ""SELECT name, value FROM autofill"", ""History"", ""SELECT url FROM urls LIMIT 
1000"", ""CC"", ""SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards"", ""Name: "", ""Month: "", ""Year: "", ""Card: "", ""Cookies"", ""Login Data"", ""Web Data"", ""History"", ""logins[.]json"", ""formSubmitURL"", ""usernameField"", ""encryptedUsername"", ""encryptedPassword"", ""guid"", ""SELECT host, isHttpOnly, path, isSecure, expiry, name, value FROM moz_cookies"", ""SELECT fieldname, value FROM moz_formhistory"", ""SELECT url FROM moz_places LIMIT 1000"", ""cookies[.]sqlite"", ""formhistory[.]sqlite"", ""places[.]sqlite"", ""Plugins"", ""Local Extension Settings"", ""Sync Extension Settings"", ""IndexedDB"", ""Opera GX Stable"", ""CURRENT"", ""chrome-extension_"", ""_0.indexeddb[.]leveldb"", ""Local State"", ""profiles[.]ini"", ""chrome"", ""opera"", ""firefox"", ""Wallets"", ""%08lX%04lX%lu"", ""SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"", ""ProductName"", ""x32"", ""x64"", ""%d/%d/%d %d:%d:%d"", ""HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0"", ""ProcessorNameString"", ""SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"", ""DisplayName"", ""DisplayVersion"", ""freebl3.dll"", ""mozglue.dll"", ""msvcp140.dll"", ""nss3.dll"", ""softokn3.dll"", ""vcruntime140.dll"", ""\\Temp\\"", "".exe"", ""runas"", ""open"", ""/c start "", ""%DESKTOP%"", ""%APPDATA%"", ""%LOCALAPPDATA%"", ""%USERPROFILE%"", ""%DOCUMENTS%"", ""%PROGRAMFILES%"", ""%PROGRAMFILES_86%"", ""%RECENT%"", ""*.lnk"", ""Files"", ""\\discord\\"", ""\\Local Storage\\leveldb\\CURRENT"", ""\\Local Storage\\leveldb"", ""\\Telegram Desktop\\"", ""D877F783D5D3EF8C*"", ""map*"", ""A7FDF864FBC10B77*"", ""A92DAA6EA6F891F2*"", ""F8806DD0C461824F*"", ""Telegram"", ""Tox"", ""*.tox"", ""*.ini"", ""Password"", ""Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Office\\13.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", 
""Software\\Microsoft\\Office\\14.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Office\r.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Office\u000e.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676\\"", ""00000001"", ""00000002"", ""00000003"", ""00000004"", ""\\Outlook\\accounts[.]txt"", ""Pidgin"", ""\\.purple\\"", ""accounts[.]xml"", ""dQw4w9WgXcQ"", ""token: "", ""Software\\Valve\\Steam"", ""SteamPath"", ""\\config\\"", ""ssfn*"", ""config[.]vdf"", ""DialogConfig[.]vdf"", ""DialogConfigOverlay*.vdf"", ""libraryfolders[.]vdf"", ""loginusers[.]vdf"", ""\\Steam\\"", ""sqlite3.dll"", ""browsers"", ""done"", ""Soft"", ""\\Discord\\tokens[.]txt"", ""/c timeout /t 5 & del /f /q \"""", ""\"" & del \""C:\\ProgramData\\*.dll\""\"" & exit"", ""C:\\Windows\\system32\\cmd.exe"", ""https"", ""Content-Type: multipart/form-data; boundary=----"", ""HTTP/1.1"", ""Content-Disposition: form-data; name=\"""", ""hwid"", ""build"", ""token"", ""file_name"", ""file"", ""message"", ""ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"", ""screenshot[.]jpg""], ""non_standard"": {""dead_drop"": [""hXXps://t[.]me/pech0nk"", ""hXXps://steamcommunity[.]com/profiles/76561199751190313""], ""version"": ""10.7""}}",hXXps://195[.]201.118.191,e4c95706ca9ca1f557526e6bb6442743,
0a4cd27916c51f83563939c4a44771e3aadd0186b7b367f2b8b2268fdc602311,Aug guAgu,8/8/2024,Rhadamanthys,NONE,,,
0ac7b4738db9ba0bf36fd8b0a26b03c0e6bbc705de0aac02f427b62fd8858d4a,Edwardsigunecia,8/14/2024,XWorm,"{""c2"": [""zabra2oto.theworkpc[.]com""], ""port"": [""2000""], ""campaign"": """", ""mutex"": ""JW0zCpkLsMcVDwsY"", ""non_standard"": {""KEY"": ""<123456789>"", ""SPL"": ""<Xwormmm>"", ""Sleep"": ""3"", ""Groub"": ""SideLoadBlox"", ""USBNM"": ""USB.exe"", ""mutex"": ""JW0zCpkLsMcVDwsY""}}",zabra2oto.theworkpc[.]com,,JW0zCpkLsMcVDwsY
0acb1809427093979ddae8bec5e6436a88c2b472cfb483e4f539ab8e2ca7f672,SUCKTHEFTUBCEGTOOTE,10/31/2024,Rhadamanthys,NONE,,,
0bfb5c9035c5bccea26456a7a873e7f682055c5621a3c2ada16f7db9e4b49a39,gasgff34534c,5/24/2024,WarzoneRat,"{""c2"": [""5[.]253.84.218"", ""5[.]253.84.218""], ""port"": [6500, 6500], ""campaign"": """", ""mutex"": """", ""non_standard"": {""warzone_id"": ""6Q7LV5Q5O7""}}","5[.]253.84.218,5[.]253.84.218",,
0d9ee9b2c72c983eb0c90851a353b5ca9f2a66e70453c822916c3c4464aeaab8,SUCKTHEFTUBCEGTOOTE,9/11/2024,Rhadamanthys,NONE,,,
0daceeced78525806e2221ef5857a345077e118c853797c17c85023c6d8e4cb8,bbbbb5,1/12/2024,HeartCrypt Developer Test Sample,NONE,,,
0dc2e4861267051eb2e3dfe8c57ad10a7fbe8d20c55429b15ca64014f2c50eca,dablyat,1/8/2024,HeartCrypt Developer Test Sample,NONE,,,
0dd890ccee2823c77b7b8417e1eadcf77e47177812ad715b59531386738c79ab,bbbbb5,1/27/2024,Remcos,"{""c2"": [""127[.]0.0.1:2404""], ""port"": [], ""campaign"": ""RemoteHost"", ""mutex"": ""Rmc-52SPIJ"", ""non_standard"": {""c2_list"": ""127[.]0.0.1:2404:1\u001e"", ""botnet"": ""RemoteHost"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-52SPIJ"", ""keylogger_mode"": 0, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 2, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": """", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICECyq0dC6qQr+Hv2V9QM3uqcwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdrdLQy42Mpn3IIYRJ2M3+yF21CLyLrOnzJYt9pkS9tD25/19cz99/hh6XbCh/X6lkduGZSLQOrKNIRElI58SZTAKBggqhkjOPQQDAgNIADBFAiEAsNMXIJvWxp997X+wkfoZ+aNRQ/F+y4UKwth7Vn9PPnsCIEy6sU5zohMDu7YRBxvrBk12twTKU7msOfRjcZPv8XLQ"", ""tls_key"": ""MHcCAQEEIPh5Cln/kkGKIQHHvBEywdytsvdqHkePDPk5Ud/t9sAJoAoGCCqGSM49AwEHoUQDQgAEdrdLQy42Mpn3IIYRJ2M3+yF21CLyLrOnzJYt9pkS9tD25/19cz99/hh6XbCh/X6lkduGZSLQOrKNIRElI58SZQ=="", ""tls_raw_peer_certificate"": ""MIH+MIGmoAMCAQICEG3vLiwgsA2EwhiaFtqI9IQwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwP4wsetvUB9BVeB5KGkhFjJJoBjHvOcr3civBrd7vSVCfdzC45I1JUkFbE/V0Cvr3Srw9Govd0OBlmaqWZM0ZjAKBggqhkjOPQQDAgNHADBEAiA+k1x/mgOuo3xlHJ81zNOx/7FqyAa+NzPTyQQOJVWDcAIgNOovDbZqGlCN19pFZjYwqJecVDlCfKe+1zDwKfkvYmw=""}}",127[.]0.0.1:2404,RemoteHost,Rmc-52SPIJ
0f90f094b3feeb87fe79416f42d583a8cf7d37c32e715856333846f9313b89f6,ACXNTGGCXTL,7/5/2024,RedlineStealer,"{""c2"": [""5[.]161.190.139:8732""], ""port"": [], ""campaign"": ""X4"", ""mutex"": """", ""non_standard"": {""ID"": ""X4"", ""Message"": """", ""Key"": ""Kinking"", ""Version"": ""1""}}",5[.]161.190.139:8732,X4,
0f9188163350f4562a4a2a86f490f99d593ef0940f0642ae7464c84677a00028,bbbbb5,1/10/2024,HeartCrypt Developer Test Sample,NONE,,,
10308a0e1aa49e815a747b0d9f9fd2d4e95ba594028b2550494f8ec6ee63abbb,Edwardsigunecia,7/8/2024,Remcos,"{""c2"": [""sleepychanreal[.]com:4040""], ""port"": [], ""campaign"": ""ZQUIKS"", ""mutex"": ""-YG603D"", ""non_standard"": {""c2_list"": ""sleepychanreal[.]com:4040:1\u001e"", ""botnet"": ""ZQUIKS"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": 0, ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""-YG603D"", ""keylogger_mode"": 0, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""lucian[.]dat"", ""enable_keylogger_file_encryption_flag"": 1, ""enable_keylogger_file_hiding_flag"": 1, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""wordpress"", ""enable_watchdog_flag"": 0, ""license"": ""B0317C8A9682B5CD58EB6644CD15AFBF"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICEDO4HQE+tLUr9uMbCkfMwkQwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEa2tahxxpKSqmo+4pWBb/EdSi9in61f8dsk93fJRx+ophQmjaE8TsHpYQxVkGzF90hDXJo0OZwoFzAxjD/pHu+TAKBggqhkjOPQQDAgNIADBFAiB+gZGV1ggb5yQR+KrPhARSYMwPFW55FnGEYdKRjumwvQIhALdbYC1qsSVNBL3/16fabLbrgcNR7JeAS2XrgN6Y0LaS"", ""tls_key"": ""MHcCAQEEIBjPHudAnN847JkYNehe9TBAtMBTpWQqhrwn/F0+69NxoAoGCCqGSM49AwEHoUQDQgAEa2tahxxpKSqmo+4pWBb/EdSi9in61f8dsk93fJRx+ophQmjaE8TsHpYQxVkGzF90hDXJo0OZwoFzAxjD/pHu+Q=="", ""tls_raw_peer_certificate"": ""MIH+MIGmoAMCAQICEBSHYWqh+/5ePV2QsP/3v6owCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEnuMJ22VPNrSg7zK0ydvh5f6MY7kFiJ4xXsq3H8B8eJ7u487w6NZ6BvyCjFCJ3Z1SU8eomfx6MJjTDnR6jSPAkjAKBggqhkjOPQQDAgNHADBEAiBC+AHjdpDKv8UXVEMA5IQkQmvkf1tJzyM+9yYj9tK7RAIgNSzVDwHf62skRxhlS+bW+mWtQNLiU98YYuW/tbFwn74=""}}",sleepychanreal[.]com:4040,ZQUIKS,-YG603D
10373926f6d4868e6970e5d1025bfe92e394dd7a6bcc576162e3397f5139ba90,MTGNSGNADS,6/19/2024,njRat,NONE,,,
11892dbe32cebd618deb6dc36477829ef9fb8181d7ec887408f44c08bb5f675b,Sep222peSpe,10/3/2024,Rhadamanthys,NONE,,,
12f358f3b4480d911ff61225acc745510816fe1fd21a4d80f2d8ccc68b0482b9,MENOLOVECROWDSTRIKE,5/19/2024,Vidar,"{""c2"": [""hXXps://65[.]108.55.55:9000""], ""port"": [], ""campaign"": ""f9136e384b87d4d1afc9628498bfd212"", ""mutex"": """", ""Strings"": [""GetProcAddress"", ""LoadLibraryA"", ""lstrcatA"", ""OpenEventA"", ""CreateEventA"", ""CloseHandle"", ""Sleep"", ""GetUserDefaultLangID"", ""VirtualAllocExNuma"", ""VirtualFree"", ""GetSystemInfo"", ""VirtualAlloc"", ""HeapAlloc"", ""GetComputerNameA"", ""lstrcpyA"", ""GetProcessHeap"", ""GetCurrentProcess"", ""lstrlenA"", ""ExitProcess"", ""GlobalMemoryStatusEx"", ""GetSystemTime"", ""SystemTimeToFileTime"", ""advapi32.dll"", ""gdi32.dll"", ""user32.dll"", ""crypt32.dll"", ""ntdll.dll"", ""GetUserNameA"", ""CreateDCA"", ""GetDeviceCaps"", ""ReleaseDC"", ""CryptStringToBinaryA"", ""sscanf"", ""NtQueryInformationProcess"", ""VMwareVMware"", ""HAL9TH"", ""JohnDoe"", ""DISPLAY"", ""%hu/%hu/%hu"", ""GetEnvironmentVariableA"", ""GetFileAttributesA"", ""GlobalLock"", ""HeapFree"", ""GetFileSize"", ""GlobalSize"", ""CreateToolhelp32Snapshot"", ""IsWow64Process"", ""Process32Next"", ""GetLocalTime"", ""FreeLibrary"", ""GetTimeZoneInformation"", ""GetSystemPowerStatus"", ""GetVolumeInformationA"", ""GetWindowsDirectoryA"", ""Process32First"", ""GetLocaleInfoA"", ""GetUserDefaultLocaleName"", ""GetModuleFileNameA"", ""DeleteFileA"", ""FindNextFileA"", ""LocalFree"", ""FindClose"", ""SetEnvironmentVariableA"", ""LocalAlloc"", ""GetFileSizeEx"", ""ReadFile"", ""SetFilePointer"", ""WriteFile"", ""CreateFileA"", ""FindFirstFileA"", ""CopyFileA"", ""VirtualProtect"", ""GetLogicalProcessorInformationEx"", ""GetLastError"", ""lstrcpynA"", ""MultiByteToWideChar"", ""GlobalFree"", ""WideCharToMultiByte"", ""GlobalAlloc"", ""OpenProcess"", ""TerminateProcess"", ""GetCurrentProcessId"", ""gdiplus.dll"", ""ole32.dll"", ""bcrypt.dll"", ""wininet.dll"", ""shlwapi.dll"", ""shell32.dll"", ""psapi.dll"", ""rstrtmgr.dll"", ""CreateCompatibleBitmap"", 
""SelectObject"", ""BitBlt"", ""DeleteObject"", ""CreateCompatibleDC"", ""GdipGetImageEncodersSize"", ""GdipGetImageEncoders"", ""GdipCreateBitmapFromHBITMAP"", ""GdiplusStartup"", ""GdiplusShutdown"", ""GdipSaveImageToStream"", ""GdipDisposeImage"", ""GdipFree"", ""GetHGlobalFromStream"", ""CreateStreamOnHGlobal"", ""CoUninitialize"", ""CoInitialize"", ""CoCreateInstance"", ""BCryptGenerateSymmetricKey"", ""BCryptCloseAlgorithmProvider"", ""BCryptDecrypt"", ""BCryptSetProperty"", ""BCryptDestroyKey"", ""BCryptOpenAlgorithmProvider"", ""GetWindowRect"", ""GetDesktopWindow"", ""GetDC"", ""CloseWindow"", ""wsprintfA"", ""EnumDisplayDevicesA"", ""GetKeyboardLayoutList"", ""CharToOemW"", ""wsprintfW"", ""RegQueryValueExA"", ""RegEnumKeyExA"", ""RegOpenKeyExA"", ""RegCloseKey"", ""RegEnumValueA"", ""CryptBinaryToStringA"", ""CryptUnprotectData"", ""SHGetFolderPathA"", ""ShellExecuteExA"", ""InternetOpenUrlA"", ""InternetConnectA"", ""InternetCloseHandle"", ""InternetOpenA"", ""HttpSendRequestA"", ""HttpOpenRequestA"", ""InternetReadFile"", ""InternetCrackUrlA"", ""StrCmpCA"", ""StrStrA"", ""StrCmpCW"", ""PathMatchSpecA"", ""GetModuleFileNameExA"", ""RmStartSession"", ""RmRegisterResources"", ""RmGetList"", ""RmEndSession"", ""sqlite3_open"", ""sqlite3_prepare_v2"", ""sqlite3_step"", ""sqlite3_column_text"", ""sqlite3_finalize"", ""sqlite3_close"", ""sqlite3_column_bytes"", ""sqlite3_column_blob"", ""encrypted_key"", ""PATH"", ""C:\\\\ProgramData\\\\nss3.dll"", ""NSS_Init"", ""NSS_Shutdown"", ""PK11_GetInternalKeySlot"", ""PK11_FreeSlot"", ""PK11_Authenticate"", ""PK11SDR_Decrypt"", ""C:\\\\ProgramData\\\\"", ""SELECT origin_url, username_value, password_value FROM logins"", ""Soft: "", ""profile: "", ""Host: "", ""Login: "", ""Password: "", ""Opera"", ""OperaGX"", ""Network"", ""Cookies"", "".txt"", ""TRUE"", ""SELECT HOST_KEY, is_httponly, path, is_secure, (expires_utc/1000000)-11644480800, name, encrypted_value from cookies"", ""FALSE"", ""Autofill"", ""SELECT name, 
value FROM autofill"", ""History"", ""SELECT url FROM urls LIMIT 1000"", ""CC"", ""Name: "", ""SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards"", ""Month: "", ""Year: "", ""Card: "", ""Cookies"", ""Login Data"", ""Web Data"", ""History"", ""logins[.]json"", ""formSubmitURL"", ""usernameField"", ""encryptedUsername"", ""encryptedPassword"", ""guid"", ""SELECT host, isHttpOnly, path, isSecure, expiry, name, value FROM moz_cookies"", ""SELECT fieldname, value FROM moz_formhistory"", ""SELECT url FROM moz_places LIMIT 1000"", ""cookies[.]sqlite"", ""formhistory[.]sqlite"", ""places[.]sqlite"", ""Plugins"", ""Local Extension Settings"", ""Sync Extension Settings"", ""IndexedDB"", ""Opera Stable"", ""Opera GX Stable"", ""CURRENT"", ""chrome-extension_"", ""_0.indexeddb[.]leveldb"", ""Local State"", ""profiles[.]ini"", ""chrome"", ""opera"", ""firefox"", ""Wallets"", ""%08lX%04lX%lu"", ""SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion"", ""ProductName"", ""x32"", ""x64"", ""%d/%d/%d %d:%d:%d"", ""DisplayName"", ""HARDWARE\\\\DESCRIPTION\\\\System\\\\CentralProcessor\\\\0"", ""ProcessorNameString"", ""SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall"", ""DisplayVersion"", ""freebl3.dll"", ""mozglue.dll"", ""msvcp140.dll"", ""nss3.dll"", ""softokn3.dll"", ""vcruntime140.dll"", ""\\\\Temp\\\\"", "".exe"", ""runas"", ""open"", ""/c start "", ""%DESKTOP%"", ""%APPDATA%"", ""%LOCALAPPDATA%"", ""%USERPROFILE%"", ""%DOCUMENTS%"", ""%PROGRAMFILES%"", ""%PROGRAMFILES_86%"", ""%RECENT%"", ""*.lnk"", ""Files"", ""\\\\discord\\\\"", ""\\\\Local Storage\\\\leveldb\\\\CURRENT"", ""\\\\Local Storage\\\\leveldb"", ""\\\\Telegram Desktop\\\\"", ""key_datas"", ""D877F783D5D3EF8C*"", ""map*"", ""A7FDF864FBC10B77*"", ""A92DAA6EA6F891F2*"", ""F8806DD0C461824F*"", ""Telegram"", ""Tox"", ""*.tox"", ""*.ini"", ""Password"", ""\\\\Outlook\\\\accounts[.]txt"", ""Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Windows 
Messaging Subsystem\\\\Profiles\\\\Outlook\\\\9375CFF0413111d3B88A00104B2A6676\\\\"", ""Pidgin"", ""Software\\\\Microsoft\\\\Office\\\\13.0\\\\Outlook\\\\Profiles\\\\Outlook\\\\9375CFF0413111d3B88A00104B2A6676\\\\"", ""Software\\\\Microsoft\\\\Office\\\\14.0\\\\Outlook\\\\Profiles\\\\Outlook\\\\9375CFF0413111d3B88A00104B2A6676\\\\"", ""Software\\\\Microsoft\\\\Office\\15.0\\\\Outlook\\\\Profiles\\\\Outlook\\\\9375CFF0413111d3B88A00104B2A6676\\\\"", ""\\\\.purple\\\\"", ""Software\\\\Microsoft\\\\Office\\16.0\\\\Outlook\\\\Profiles\\\\Outlook\\\\9375CFF0413111d3B88A00104B2A6676\\\\"", ""accounts[.]xml"", ""Software\\\\Microsoft\\\\Windows Messaging Subsystem\\\\Profiles\\\\9375CFF0413111d3B88A00104B2A6676\\\\"", ""00000001"", ""00000002"", ""00000003"", ""00000004"", ""dQw4w9WgXcQ"", ""token: "", ""Software\\\\Valve\\\\Steam"", ""SteamPath"", ""\\\\config\\\\"", ""ssfn*"", ""config[.]vdf"", ""DialogConfig[.]vdf"", ""DialogConfigOverlay*.vdf"", ""libraryfolders[.]vdf"", ""loginusers[.]vdf"", ""\\\\Steam\\\\"", ""sqlite3.dll"", ""browsers"", ""done"", ""Soft"", ""\\\\Discord\\\\tokens[.]txt"", ""/c timeout /t 5 & del /f /q \"""", ""\"" & del \""C:\\\\ProgramData\\\\*.dll\""\"" & exit"", ""C:\\\\Windows\\\\system32\\\\cmd.exe"", ""https"", ""Content-Type: multipart/form-data; boundary=----"", ""POST"", ""HTTP/1.1"", ""Content-Disposition: form-data; name=\"""", ""hwid"", ""build"", ""token"", ""file_name"", ""file"", ""message"", ""ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"", ""screenshot[.]jpg"", ""uh]"", ""uh]""], ""non_standard"": {""dead_drop"": [""hXXp://5[.]75.212.247:80"", ""hXXps://steamcommunity[.]com/profiles/76561199686524322"", ""hXXps://t[.]me/k0mono""], ""version"": ""9.7""}}",hXXps://65[.]108.55.55:9000,f9136e384b87d4d1afc9628498bfd212,
15dc5d3ff1b6a02a897f1ab58f1aa6411f79479e7b04fc8b96f12db2c6c69d43,Sep peSpe,9/15/2024,XenoRat,"{""c2"": ""raven123.ddnsgeek[.]com"", ""port"": 4111, ""campaign"": """", ""mutex"": ""Xeno_rat_nd7512d"", ""non_standard"": {""EncryptionKey"": ""A6xnQhbz4Vx2HuGl4lXwZ5U2I8iziLRFnhP5eNfIRvQ="", ""delay"": 5000, ""DoStartup"": 2222, ""Install_path"": ""appdata"", ""startup_name"": ""nothingset""}}",raven123.ddnsgeek[.]com,,Xeno_rat_nd7512d
161f73e22cadcc877a39104f32b3bc9042363c11cd490a9ee8681714148c22f3,LStAFAGTUEACCCb,11/1/2024,Rhadamanthys,NONE,,,
164beea0736231f25917cc0458e0ae9775504982256b3b51dfd209067c7c2e19,oXCEd3tcOtc,11/1/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""procesosespeciales855.casacam[.]net""], ""port"": [""8853""], ""campaign"": ""Solo-Domi-Oros"", ""mutex"": ""DcRatMutex_qwqdanchun"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""MldpUlFYZHAwZTF3dWR1cmFmOW1pZWVEOFRlU1pHTlg="", ""MTX"": ""DcRatMutex_qwqdanchun"", ""Certifi_cate"": ""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"", ""Server_signa_ture"": ""dzzmy4auTq4razCCxJ9UxCmheZJ4VlSHJjDPVHhethxQ6y//N+WEyhllrZCgp8W/ky9ANoX+TI2qAVWfth6+nHayijlRE0Jr45aE1pjCDSyZb0JzM3LV77gQ+PbuaaZfqW4kZxE6f7XvYZxAFrHiupX3OtTYCiW95wYCHoLIh+o="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""Solo-Domi-Oros"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",procesosespeciales855.casacam[.]net,Solo-Domi-Oros,DcRatMutex_qwqdanchun
1707eac4efc2ea46c2364b3f3332d75eb414915586c3d199c904240be23c9354,Aug222guAgu,8/29/2024,Rhadamanthys,NONE,,,
170a237345e5767cd4dd4d84b5b777eec2a466982007389a3b0014ea9f631e46,Aug222guAgu,8/20/2024,Remcos,"{""c2"": [""agosto20.con-ip[.]com:7773""], ""port"": [], ""campaign"": ""AVENTURA"", ""mutex"": ""Rmc-JW03CJ"", ""non_standard"": {""c2_list"": ""agosto20.con-ip[.]com:7773:1\u001e"", ""botnet"": ""AVENTURA"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-JW03CJ"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""5362EE03FAA36CB4DF3995B084785A49"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICEEXRPyHAU+i0XClFtLLozd0wCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgzAKBggqhkjOPQQDAgNIADBFAiBUcWvaxuUnpbxlhTmWEcnNtczlEXkRbUYoYCN+2VEZ1AIhALym5a5Ib2YXMN1rGi3FQzTjiXDMfTh6IufwChk8n/N9"", ""tls_key"": ""MHcCAQEEILUsPsd+8u6gorQ6vplb6DQet9vOAwT8PHYYn7RI4380oAoGCCqGSM49AwEHoUQDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgw=="", ""tls_raw_peer_certificate"": ""MIIBADCBpqADAgECAhA1EEVwbinJOEquCzdLDyBzMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBDpkDyifvMvFU5G4T3X4NPgXSbjGygT9OXvKUN63IttHTejMFBes+ICPd+lF2i9ExWAYDh5oBbrexLrzNGdz3swCgYIKoZIzj0EAwIDSQAwRgIhAPHte18FxAxdCBRRd8kvfkylLF5k+QOnpkoeqXwRtdOWAiEA00CVbIQ6r4v8EeB0rQ5nIFgk+SYWWjNa+B3sBZoNlzY=""}}",agosto20.con-ip[.]com:7773,AVENTURA,Rmc-JW03CJ
186b3429bd91f133613c78caacfcde2702503adf2a0fee22af7cfe75561bb11e,Aug 11guAgu,8/13/2024,Remcos,"{""c2"": [""agosto13.con-ip[.]com:7775""], ""port"": [], ""campaign"": ""MARIACHI"", ""mutex"": ""Rmc-CK7NI4"", ""non_standard"": {""c2_list"": ""agosto13.con-ip[.]com:7775:1\u001e"", ""botnet"": ""MARIACHI"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-CK7NI4"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""5362EE03FAA36CB4DF3995B084785A49"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICEEXRPyHAU+i0XClFtLLozd0wCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgzAKBggqhkjOPQQDAgNIADBFAiBUcWvaxuUnpbxlhTmWEcnNtczlEXkRbUYoYCN+2VEZ1AIhALym5a5Ib2YXMN1rGi3FQzTjiXDMfTh6IufwChk8n/N9"", ""tls_key"": ""MHcCAQEEILUsPsd+8u6gorQ6vplb6DQet9vOAwT8PHYYn7RI4380oAoGCCqGSM49AwEHoUQDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgw=="", ""tls_raw_peer_certificate"": ""MIIBADCBpqADAgECAhA1EEVwbinJOEquCzdLDyBzMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBDpkDyifvMvFU5G4T3X4NPgXSbjGygT9OXvKUN63IttHTejMFBes+ICPd+lF2i9ExWAYDh5oBbrexLrzNGdz3swCgYIKoZIzj0EAwIDSQAwRgIhAPHte18FxAxdCBRRd8kvfkylLF5k+QOnpkoeqXwRtdOWAiEA00CVbIQ6r4v8EeB0rQ5nIFgk+SYWWjNa+B3sBZoNlzY=""}}",agosto13.con-ip[.]com:7775,MARIACHI,Rmc-CK7NI4
187cd18caa83a2a938e801288eeb95f2475f9efe97ab62a42314d7cdfc88b33d,sentinelone,4/20/2024,Remcos,"{""c2"": [""127[.]0.0.1:2404""], ""port"": [], ""campaign"": ""RemoteHost"", ""mutex"": ""Rmc-52SPIJ"", ""non_standard"": {""c2_list"": ""127[.]0.0.1:2404:1\u001e"", ""botnet"": ""RemoteHost"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-52SPIJ"", ""keylogger_mode"": 0, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 2, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": """", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICECyq0dC6qQr+Hv2V9QM3uqcwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdrdLQy42Mpn3IIYRJ2M3+yF21CLyLrOnzJYt9pkS9tD25/19cz99/hh6XbCh/X6lkduGZSLQOrKNIRElI58SZTAKBggqhkjOPQQDAgNIADBFAiEAsNMXIJvWxp997X+wkfoZ+aNRQ/F+y4UKwth7Vn9PPnsCIEy6sU5zohMDu7YRBxvrBk12twTKU7msOfRjcZPv8XLQ"", ""tls_key"": ""MHcCAQEEIPh5Cln/kkGKIQHHvBEywdytsvdqHkePDPk5Ud/t9sAJoAoGCCqGSM49AwEHoUQDQgAEdrdLQy42Mpn3IIYRJ2M3+yF21CLyLrOnzJYt9pkS9tD25/19cz99/hh6XbCh/X6lkduGZSLQOrKNIRElI58SZQ=="", ""tls_raw_peer_certificate"": ""MIH+MIGmoAMCAQICEG3vLiwgsA2EwhiaFtqI9IQwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwP4wsetvUB9BVeB5KGkhFjJJoBjHvOcr3civBrd7vSVCfdzC45I1JUkFbE/V0Cvr3Srw9Govd0OBlmaqWZM0ZjAKBggqhkjOPQQDAgNHADBEAiA+k1x/mgOuo3xlHJ81zNOx/7FqyAa+NzPTyQQOJVWDcAIgNOovDbZqGlCN19pFZjYwqJecVDlCfKe+1zDwKfkvYmw=""}}",127[.]0.0.1:2404,RemoteHost,Rmc-52SPIJ
18c2df2f2634643072361ced86bd12d503a3f9617a506e7fd01efadf1d095c81,bbbbb5,2/9/2024,HeartCrypt Developer Test Sample,NONE,,,
18c8d79ba3dca33b41b716eca938c61b3bcfa1aa9d524f2646f268f1db7f6a71,NACSKKETTAF,7/28/2024,Vidar,"{""c2"": [""hXXps://188[.]245.87.202""], ""port"": [], ""campaign"": ""5b0092ed2396c3bd3b4369a6d64ff8d5"", ""mutex"": """", ""Strings"": [""INSERT_KEY_HERE"", ""GetProcAddress"", ""LoadLibraryA"", ""lstrcatA"", ""OpenEventA"", ""CreateEventA"", ""CloseHandle"", ""Sleep"", ""GetUserDefaultLangID"", ""VirtualAllocExNuma"", ""VirtualFree"", ""GetSystemInfo"", ""VirtualAlloc"", ""HeapAlloc"", ""GetComputerNameA"", ""lstrcpyA"", ""GetProcessHeap"", ""GetCurrentProcess"", ""lstrlenA"", ""ExitProcess"", ""GlobalMemoryStatusEx"", ""GetSystemTime"", ""SystemTimeToFileTime"", ""advapi32.dll"", ""gdi32.dll"", ""user32.dll"", ""crypt32.dll"", ""ntdll.dll"", ""GetUserNameA"", ""CreateDCA"", ""GetDeviceCaps"", ""CryptStringToBinaryA"", ""sscanf"", ""NtQueryInformationProcess"", ""VMwareVMware"", ""HAL9TH"", ""JohnDoe"", ""DISPLAY"", ""%hu/%hu/%hu"", ""GetEnvironmentVariableA"", ""GetFileAttributesA"", ""GlobalLock"", ""HeapFree"", ""GetFileSize"", ""GlobalSize"", ""CreateToolhelp32Snapshot"", ""IsWow64Process"", ""Process32Next"", ""GetLocalTime"", ""FreeLibrary"", ""GetTimeZoneInformation"", ""GetSystemPowerStatus"", ""GetVolumeInformationA"", ""GetWindowsDirectoryA"", ""Process32First"", ""GetLocaleInfoA"", ""GetUserDefaultLocaleName"", ""GetModuleFileNameA"", ""DeleteFileA"", ""FindNextFileA"", ""LocalFree"", ""FindClose"", ""SetEnvironmentVariableA"", ""LocalAlloc"", ""GetFileSizeEx"", ""ReadFile"", ""SetFilePointer"", ""WriteFile"", ""CreateFileA"", ""FindFirstFileA"", ""VirtualProtect"", ""GetLogicalProcessorInformationEx"", ""GetLastError"", ""lstrcpynA"", ""MultiByteToWideChar"", ""GlobalFree"", ""WideCharToMultiByte"", ""GlobalAlloc"", ""OpenProcess"", ""TerminateProcess"", ""GetCurrentProcessId"", ""gdiplus.dll"", ""ole32.dll"", ""bcrypt.dll"", ""wininet.dll"", ""shlwapi.dll"", ""shell32.dll"", ""psapi.dll"", ""rstrtmgr.dll"", ""CreateCompatibleBitmap"", ""SelectObject"", 
""BitBlt"", ""DeleteObject"", ""CreateCompatibleDC"", ""GdipGetImageEncodersSize"", ""GdipGetImageEncoders"", ""GdipCreateBitmapFromHBITMAP"", ""GdiplusStartup"", ""GdiplusShutdown"", ""GdipSaveImageToStream"", ""GdipDisposeImage"", ""GdipFree"", ""GetHGlobalFromStream"", ""CreateStreamOnHGlobal"", ""CoUninitialize"", ""CoInitialize"", ""CoCreateInstance"", ""BCryptGenerateSymmetricKey"", ""BCryptCloseAlgorithmProvider"", ""BCryptDecrypt"", ""BCryptSetProperty"", ""BCryptDestroyKey"", ""BCryptOpenAlgorithmProvider"", ""GetWindowRect"", ""GetDesktopWindow"", ""GetDC"", ""wsprintfA"", ""EnumDisplayDevicesA"", ""GetKeyboardLayoutList"", ""CharToOemW"", ""wsprintfW"", ""RegQueryValueExA"", ""RegEnumKeyExA"", ""RegOpenKeyExA"", ""RegCloseKey"", ""RegEnumValueA"", ""CryptBinaryToStringA"", ""CryptUnprotectData"", ""SHGetFolderPathA"", ""ShellExecuteExA"", ""InternetOpenUrlA"", ""InternetConnectA"", ""InternetCloseHandle"", ""InternetOpenA"", ""HttpSendRequestA"", ""HttpOpenRequestA"", ""InternetReadFile"", ""InternetCrackUrlA"", ""StrCmpCA"", ""StrStrA"", ""StrCmpCW"", ""PathMatchSpecA"", ""GetModuleFileNameExA"", ""RmStartSession"", ""RmRegisterResources"", ""RmGetList"", ""RmEndSession"", ""sqlite3_open"", ""sqlite3_prepare_v2"", ""sqlite3_step"", ""sqlite3_column_text"", ""sqlite3_finalize"", ""sqlite3_close"", ""sqlite3_column_bytes"", ""sqlite3_column_blob"", ""encrypted_key"", ""PATH"", ""C:\\ProgramData\\nss3.dll"", ""NSS_Init"", ""NSS_Shutdown"", ""PK11_GetInternalKeySlot"", ""PK11_FreeSlot"", ""PK11SDR_Decrypt"", ""C:\\ProgramData\\"", ""SELECT origin_url, username_value, password_value FROM logins"", ""Soft: "", ""profile: "", ""Host: "", ""Login: "", ""Password: "", ""Opera"", ""OperaGX"", ""Network"", ""Cookies"", "".txt"", ""SELECT HOST_KEY, is_httponly, path, is_secure, (expires_utc/1000000)-11644480800, name, encrypted_value from cookies"", ""TRUE"", ""FALSE"", ""Autofill"", ""SELECT name, value FROM autofill"", ""History"", ""SELECT url FROM urls LIMIT 
1000"", ""CC"", ""SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards"", ""Name: "", ""Month: "", ""Year: "", ""Card: "", ""Cookies"", ""Login Data"", ""Web Data"", ""History"", ""logins[.]json"", ""formSubmitURL"", ""usernameField"", ""encryptedUsername"", ""encryptedPassword"", ""guid"", ""SELECT host, isHttpOnly, path, isSecure, expiry, name, value FROM moz_cookies"", ""SELECT fieldname, value FROM moz_formhistory"", ""SELECT url FROM moz_places LIMIT 1000"", ""cookies[.]sqlite"", ""formhistory[.]sqlite"", ""places[.]sqlite"", ""Plugins"", ""Local Extension Settings"", ""Sync Extension Settings"", ""IndexedDB"", ""Opera GX Stable"", ""CURRENT"", ""chrome-extension_"", ""_0.indexeddb[.]leveldb"", ""Local State"", ""profiles[.]ini"", ""chrome"", ""opera"", ""firefox"", ""Wallets"", ""%08lX%04lX%lu"", ""SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"", ""ProductName"", ""x32"", ""x64"", ""%d/%d/%d %d:%d:%d"", ""HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0"", ""ProcessorNameString"", ""SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"", ""DisplayName"", ""DisplayVersion"", ""freebl3.dll"", ""mozglue.dll"", ""msvcp140.dll"", ""nss3.dll"", ""softokn3.dll"", ""vcruntime140.dll"", ""\\Temp\\"", "".exe"", ""runas"", ""open"", ""/c start "", ""%DESKTOP%"", ""%APPDATA%"", ""%LOCALAPPDATA%"", ""%USERPROFILE%"", ""%DOCUMENTS%"", ""%PROGRAMFILES%"", ""%PROGRAMFILES_86%"", ""%RECENT%"", ""*.lnk"", ""Files"", ""\\discord\\"", ""\\Local Storage\\leveldb\\CURRENT"", ""\\Local Storage\\leveldb"", ""\\Telegram Desktop\\"", ""D877F783D5D3EF8C*"", ""map*"", ""A7FDF864FBC10B77*"", ""A92DAA6EA6F891F2*"", ""F8806DD0C461824F*"", ""Telegram"", ""Tox"", ""*.tox"", ""*.ini"", ""Password"", ""Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Office\\13.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", 
""Software\\Microsoft\\Office\\14.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Office\r.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Office\u000e.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676\\"", ""00000001"", ""00000002"", ""00000003"", ""00000004"", ""\\Outlook\\accounts[.]txt"", ""Pidgin"", ""\\.purple\\"", ""accounts[.]xml"", ""dQw4w9WgXcQ"", ""token: "", ""Software\\Valve\\Steam"", ""SteamPath"", ""\\config\\"", ""ssfn*"", ""config[.]vdf"", ""DialogConfig[.]vdf"", ""DialogConfigOverlay*.vdf"", ""libraryfolders[.]vdf"", ""loginusers[.]vdf"", ""\\Steam\\"", ""sqlite3.dll"", ""browsers"", ""done"", ""Soft"", ""\\Discord\\tokens[.]txt"", ""/c timeout /t 5 & del /f /q \"""", ""\"" & del \""C:\\ProgramData\\*.dll\""\"" & exit"", ""C:\\Windows\\system32\\cmd.exe"", ""https"", ""Content-Type: multipart/form-data; boundary=----"", ""HTTP/1.1"", ""Content-Disposition: form-data; name=\"""", ""hwid"", ""build"", ""token"", ""file_name"", ""file"", ""message"", ""ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"", ""screenshot[.]jpg""], ""non_standard"": {""dead_drop"": [""hXXps://steamcommunity[.]com/profiles/76561199747278259"", ""hXXps://t[.]me/armad2a""], ""version"": ""10.6""}}",hXXps://188[.]245.87.202,5b0092ed2396c3bd3b4369a6d64ff8d5,
18d82eb444dd427953ad3bf5dcb5aeb8913d785320009891dd0e71500a07626e,EXC tcOtc,10/8/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""doesnotkl.dynuddns[.]net""], ""port"": [""11206""], ""campaign"": ""08-Oct"", ""mutex"": ""DcRatMutex_qyunchun"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""ZEYwaXJjN2VxTjZ6N2NPUXFwcDJMeUw3RHNyREpIV1I="", ""MTX"": ""DcRatMutex_qyunchun"", ""Certifi_cate"": ""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"", ""Server_signa_ture"": ""AxT0xVIsTNluuFCuRLp8BfcZBukXmHCGRYJTYJA7dRrgnx7pZrg2Gvsjulix9mC/YaY/OSgIgpHPzJjMwQJonI8frV1KadIH9PbWrvXx8jJVT1C8980rLbb4ZytOCTYeolTWgSPKbF2K1p2eLamXRPQFj7BOO5/HzrW3OAdLm38="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""08-Oct"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",doesnotkl.dynuddns[.]net,08-Oct,DcRatMutex_qyunchun
19a00488730bc7785390df8887b925f58aa649defbeed9b4ed27a66d5f8b3359,CFEAE1tcOtc,10/14/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""doesnotkl.dynuddns[.]net""], ""port"": [""11206""], ""campaign"": ""010-Oct"", ""mutex"": ""DcRatMutex_qyunchun"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""MG9yeDBJWVJ4VXdQVHFSOHVnMTQ0QUZnSDdMOTMyak0="", ""MTX"": ""DcRatMutex_qyunchun"", ""Certifi_cate"": ""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"", ""Server_signa_ture"": ""CE3uaRz93jeOR0hpFDSP4+ABpFg4FWQ/65TkPsqSLbTOX+v30Ab9h1S4VulgHPlafpshcGu31c18pa083QEYXjveqfIJWCexL+CL52WQEpbazCiZ9VT/MHewuOqUc42JPkICmQsXO356N7+pk95oBKe6am6Pl41wIspb46dBUlE="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""010-Oct"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",doesnotkl.dynuddns[.]net,010-Oct,DcRatMutex_qyunchun
1a73070f4f7da75fe1c3c39f76d00f341838db6ab067d9f58326eb4b19472eb7,Sep111peSpe,9/10/2024,Remcos,"{""c2"": [""fabiangomezpu1405.con-ip[.]com:1661""], ""port"": [], ""campaign"": ""TOTTEFAN"", ""mutex"": ""Rmc-PSAH55"", ""non_standard"": {""c2_list"": ""fabiangomezpu1405.con-ip[.]com:1661:1\u001e"", ""botnet"": ""TOTTEFAN"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-PSAH55"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""86CDB103BEE8F4F4E4BB432E59BB138D"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICEEXRPyHAU+i0XClFtLLozd0wCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgzAKBggqhkjOPQQDAgNIADBFAiBUcWvaxuUnpbxlhTmWEcnNtczlEXkRbUYoYCN+2VEZ1AIhALym5a5Ib2YXMN1rGi3FQzTjiXDMfTh6IufwChk8n/N9"", ""tls_key"": ""MHcCAQEEILUsPsd+8u6gorQ6vplb6DQet9vOAwT8PHYYn7RI4380oAoGCCqGSM49AwEHoUQDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgw=="", ""tls_raw_peer_certificate"": ""MIIBADCBpqADAgECAhA1EEVwbinJOEquCzdLDyBzMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBDpkDyifvMvFU5G4T3X4NPgXSbjGygT9OXvKUN63IttHTejMFBes+ICPd+lF2i9ExWAYDh5oBbrexLrzNGdz3swCgYIKoZIzj0EAwIDSQAwRgIhAPHte18FxAxdCBRRd8kvfkylLF5k+QOnpkoeqXwRtdOWAiEA00CVbIQ6r4v8EeB0rQ5nIFgk+SYWWjNa+B3sBZoNlzY=""}}",fabiangomezpu1405.con-ip[.]com:1661,TOTTEFAN,Rmc-PSAH55
1cd4ceb10f9445353969b740ae36c2471f68a40489f4c5402679480590d5b2e0,5dsadas435235bgdsgdfbvb3253453425345gfdsgfdgdf,2/17/2024,HeartCrypt (Nested Payload),NONE,,,
1d40e7daa7a2fc748c85d3bf233649204163fc179f71d3ff2b3c7f426b0499ae,MTGNSGNADS,5/14/2024,RedlineStealer,"{""c2"": [""149[.]28.222.15:44506""], ""port"": [], ""campaign"": ""0"", ""mutex"": """", ""non_standard"": {""ID"": ""0"", ""Message"": """", ""Key"": ""Pronator"", ""Version"": ""1""}}",149[.]28.222.15:44506,0,
1ded4207f46c167de383235dd94de12f4d144ed4e38b5131dad2fe0cad56fe84,gasgff34534c,5/13/2024,HeartCrypt Developer Test Sample,NONE,,,
1e716acec0f8c78445db489b74b7c3ff027181e332377773f11530a7669f9693,EFF tcOtc,10/4/2024,AstolfoLoader,NONE,,,
1e7785fad31758029e909c287e5f1798639ec48d4431a45a12b6701cd6e33270,fuckSsentinc,10/11/2024,Remcos,"{""c2"": [""193[.]142.146.21:2404""], ""port"": [], ""campaign"": ""RemoteHost"", ""mutex"": ""Rmc-AODUSJ"", ""non_standard"": {""c2_list"": ""193[.]142.146.21:2404:1\u001e"", ""botnet"": ""RemoteHost"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-AODUSJ"", ""keylogger_mode"": 0, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""DFFA1C92C00A5B0366971806315D888C"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICEEXRPyHAU+i0XClFtLLozd0wCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgzAKBggqhkjOPQQDAgNIADBFAiBUcWvaxuUnpbxlhTmWEcnNtczlEXkRbUYoYCN+2VEZ1AIhALym5a5Ib2YXMN1rGi3FQzTjiXDMfTh6IufwChk8n/N9"", ""tls_key"": ""MHcCAQEEILUsPsd+8u6gorQ6vplb6DQet9vOAwT8PHYYn7RI4380oAoGCCqGSM49AwEHoUQDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgw=="", ""tls_raw_peer_certificate"": ""MIIBADCBpqADAgECAhA1EEVwbinJOEquCzdLDyBzMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBDpkDyifvMvFU5G4T3X4NPgXSbjGygT9OXvKUN63IttHTejMFBes+ICPd+lF2i9ExWAYDh5oBbrexLrzNGdz3swCgYIKoZIzj0EAwIDSQAwRgIhAPHte18FxAxdCBRRd8kvfkylLF5k+QOnpkoeqXwRtdOWAiEA00CVbIQ6r4v8EeB0rQ5nIFgk+SYWWjNa+B3sBZoNlzY=""}}",193[.]142.146.21:2404,RemoteHost,Rmc-AODUSJ
1e92a017cb91cf900d15f868988a96c02ca483097137da1478a98953ca6db6a3,Sep peSpe,9/6/2024,Rhadamanthys,NONE,,,
1e9426c5ad1d49235ac06d0c3e7d9d8e08fac6569c0946d569ab713fb3a7f20e,gasgff34534c,9/27/2024,Vidar,"{""c2"": [""hXXps://49[.]12.106.214"", ""hXXps://49[.]12.197.9""], ""port"": [], ""campaign"": """", ""mutex"": """", ""Strings"": [], ""non_standard"": {""dead_drop"": [""hXXps://t[.]me/ae5ed"", ""hXXps://steamcommunity[.]com/profiles/76561199780418869""]}}","hXXps://49[.]12.106.214,hXXps://49[.]12.197.9",,
1eb665c42fe205decfb70e4f2f72508acde642075ab4ad0d2f929f97b4e0661a,NACSKKETTAF,8/31/2024,Remcos,"{""c2"": [""estrillajuju.con-ip[.]com:1668""], ""port"": [], ""campaign"": ""AMIRISMO"", ""mutex"": ""Rmc-LF6LGE"", ""non_standard"": {""c2_list"": ""estrillajuju.con-ip[.]com:1668:1\u001e"", ""botnet"": ""AMIRISMO"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-LF6LGE"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""86CDB103BEE8F4F4E4BB432E59BB138D"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICEEXRPyHAU+i0XClFtLLozd0wCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgzAKBggqhkjOPQQDAgNIADBFAiBUcWvaxuUnpbxlhTmWEcnNtczlEXkRbUYoYCN+2VEZ1AIhALym5a5Ib2YXMN1rGi3FQzTjiXDMfTh6IufwChk8n/N9"", ""tls_key"": ""MHcCAQEEILUsPsd+8u6gorQ6vplb6DQet9vOAwT8PHYYn7RI4380oAoGCCqGSM49AwEHoUQDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgw=="", ""tls_raw_peer_certificate"": ""MIIBADCBpqADAgECAhA1EEVwbinJOEquCzdLDyBzMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBDpkDyifvMvFU5G4T3X4NPgXSbjGygT9OXvKUN63IttHTejMFBes+ICPd+lF2i9ExWAYDh5oBbrexLrzNGdz3swCgYIKoZIzj0EAwIDSQAwRgIhAPHte18FxAxdCBRRd8kvfkylLF5k+QOnpkoeqXwRtdOWAiEA00CVbIQ6r4v8EeB0rQ5nIFgk+SYWWjNa+B3sBZoNlzY=""}}",estrillajuju.con-ip[.]com:1668,AMIRISMO,Rmc-LF6LGE
1f98d9d0535d73965dac132490686e26e29a89eca7001fd7fb9a1bc82e5c9a93,bb,1/27/2024,HeartCrypt (Nested Payload),NONE,,,
1f9f707123e3bb6988741a85e436d229f4c390af717949f7ef1f5257cb993e55,5dsadas435235bgdsgdfbvb3253453425345gfdsgfdgdf,2/24/2024,JesterStealer,NONE,,,
1fd2972d72dfbc8b2b0c6bc7c43e3389e67d2bad651cca2583f4f4c7fa443fd1,MTGNSGNADS,5/11/2024,Unknown .NET Loader,NONE,,,
20007eeee7714925edf27094d9109025fdebaac26e1dbf97d51e8917276b6d3a,CFgFEFSATTPFFEA,9/25/2024,PureCrypt,NONE,,,
20144b7fe9b7b3900c8240c1cee5003c0d2647eea6d98f310a71304600def8ea,ACXNTGGCXTL,7/13/2024,HeartCrypt Developer Test Sample,NONE,,,
235be22a82cb8890d91c8cd29992fd044a3c802cc0bc55ee293e14ae54700cfb,DOaEF1tcOtc,10/15/2024,Vidar,"{""c2"": [""hXXps://95[.]217.220.103"", ""hXXps://116[.]203.153.40""], ""port"": [], ""campaign"": """", ""mutex"": """", ""Strings"": [], ""non_standard"": {""dead_drop"": [""hXXps://t[.]me/lpnjoke"", ""hXXps://steamcommunity[.]com/profiles/76561199786602107""]}}","hXXps://95[.]217.220.103,hXXps://116[.]203.153.40",,
23b0b54d1383b9ac94376ea8bbaf0b300cefab64ee61053b50c8553a4a7ad93d,MTGNSGNADS,4/26/2024,Remcos,"{""c2"": [""78[.]142.18.221:2401""], ""port"": [], ""campaign"": ""RemoteHost"", ""mutex"": ""Rmc-T8GAMC"", ""non_standard"": {""c2_list"": ""78[.]142.18.221:2401:1\u001e"", ""botnet"": ""RemoteHost"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-T8GAMC"", ""keylogger_mode"": 0, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""340F978F88BD6DBD5BF1C7A58DB870EE"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIIBADCBpqADAgECAhA7OOdojOxe2eFf1fBG8unqMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABMlwYNqi/kB2yHbLkSIaj62DuH8tNsGJtxSuR6KsQ3+QJqencvlnxmq4JSn0+0EWn6qYh91HDXc22c7iyzRaEAIwCgYIKoZIzj0EAwIDSQAwRgIhAMpY9EFZZyowr8JD/tfrVMIBv4+x9mt/uwy3pHheXiJnAiEAvtFSG9ZI80yr/xBVmsCowUep5gh0yqsHxGbiECltYa4="", ""tls_key"": ""MHcCAQEEIF/IHegOCgW4VlmidNOEm55kYkyVa1N+0dDsbs3GvTTzoAoGCCqGSM49AwEHoUQDQgAEyXBg2qL+QHbIdsuRIhqPrYO4fy02wYm3FK5HoqxDf5Amp6dy+WfGarglKfT7QRafqpiH3UcNdzbZzuLLNFoQAg=="", ""tls_raw_peer_certificate"": ""MIH/MIGmoAMCAQICEDt3f464f3YMZvUA1RndTL0wCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEbpBewVrTUruPeTu0Il4Zo1lBqYCGABwclAqrpyun3x3MmUMgSDpwfLIGdqnw3yeXPCAa63awhWnmavkJOPzOBjAKBggqhkjOPQQDAgNIADBFAiEAhJsaTjAoa4DD/+k42Z8z2LhqSlzRaFd1bYA7nDJSulwCIFR+vFBl+ZJ5L7xZDB7iNHujHArvRTDFU9gCGvXIT8SK""}}",78[.]142.18.221:2401,RemoteHost,Rmc-T8GAMC
24c8911a23d4397065614ea4d408b3a67226b8a27f8b08ede937d70ddf98cb98,xCeDs2tcOtc,10/22/2024,Remcos,"{""c2"": [""carrodecarrera.ydns[.]eu:1992""], ""port"": [], ""campaign"": ""ALMUERZO"", ""mutex"": ""Rmc-G2BVXP"", ""non_standard"": {""c2_list"": ""carrodecarrera.ydns[.]eu:1992:1\u001e"", ""botnet"": ""ALMUERZO"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-G2BVXP"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 1, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""52FAB4ABA90AF6988E653D18FACD533A"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICEEXRPyHAU+i0XClFtLLozd0wCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgzAKBggqhkjOPQQDAgNIADBFAiBUcWvaxuUnpbxlhTmWEcnNtczlEXkRbUYoYCN+2VEZ1AIhALym5a5Ib2YXMN1rGi3FQzTjiXDMfTh6IufwChk8n/N9"", ""tls_key"": ""MHcCAQEEILUsPsd+8u6gorQ6vplb6DQet9vOAwT8PHYYn7RI4380oAoGCCqGSM49AwEHoUQDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgw=="", ""tls_raw_peer_certificate"": ""MIIBADCBpqADAgECAhA1EEVwbinJOEquCzdLDyBzMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBDpkDyifvMvFU5G4T3X4NPgXSbjGygT9OXvKUN63IttHTejMFBes+ICPd+lF2i9ExWAYDh5oBbrexLrzNGdz3swCgYIKoZIzj0EAwIDSQAwRgIhAPHte18FxAxdCBRRd8kvfkylLF5k+QOnpkoeqXwRtdOWAiEA00CVbIQ6r4v8EeB0rQ5nIFgk+SYWWjNa+B3sBZoNlzY=""}}",carrodecarrera.ydns[.]eu:1992,ALMUERZO,Rmc-G2BVXP
26e5f26a50b29efd559c1fe469831e7c31409351e922b386db911d8320f303f2,Sep111peSpe,9/16/2024,PureCrypt,NONE,,,
270c0ba7e8fac9c92c6a94d03dfda65aef468d0d3a56eedf23ede0d2c3d4de95,MTGNSGNADS,5/3/2024,Unknown .NET Loader,NONE,,,
2832eac061fdbdf5431c134f2a22c5006964fab899bd21c918f6bb010cce32d9,gasgff34534c,3/25/2024,HeartCrypt Developer Test Sample,NONE,,,
28a0366a432fda9d8ce5580ad76bdbf7b194b58e11a1330b415cb74ed856c6fd,43423fdasfdasfa32143242,5/30/2024,Rhadamanthys,NONE,,,
28cd723b82855c9010ddf9a5b23938a4e4aa247d8634c2726a57b450a30d4273,gasgff34534c,4/2/2024,Vidar,"{""c2"": [""hXXps://steamcommunity[.]com/profiles/76561199658817715"", ""hXXps://t[.]me/sa9ok""], ""port"": [], ""campaign"": ""de9b6ac899e7fc69f55a36e15bcd05fe"", ""mutex"": """", ""Strings"": [""INSERT_KEY_HERE"", ""GetProcAddress"", ""LoadLibraryA"", ""lstrcatA"", ""OpenEventA"", ""CreateEventA"", ""CloseHandle"", ""Sleep"", ""GetUserDefaultLangID"", ""VirtualAllocExNuma"", ""VirtualFree"", ""GetSystemInfo"", ""VirtualAlloc"", ""HeapAlloc"", ""GetComputerNameA"", ""lstrcpyA"", ""GetProcessHeap"", ""GetCurrentProcess"", ""lstrlenA"", ""ExitProcess"", ""GlobalMemoryStatusEx"", ""GetSystemTime"", ""SystemTimeToFileTime"", ""advapi32.dll"", ""gdi32.dll"", ""user32.dll"", ""crypt32.dll"", ""ntdll.dll"", ""GetUserNameA"", ""CreateDCA"", ""GetDeviceCaps"", ""CryptStringToBinaryA"", ""sscanf"", ""VMwareVMware"", ""HAL9TH"", ""JohnDoe"", ""DISPLAY"", ""%hu/%hu/%hu"", ""GetEnvironmentVariableA"", ""GetFileAttributesA"", ""GlobalLock"", ""HeapFree"", ""GetFileSize"", ""GlobalSize"", ""CreateToolhelp32Snapshot"", ""IsWow64Process"", ""Process32Next"", ""GetLocalTime"", ""FreeLibrary"", ""GetTimeZoneInformation"", ""GetSystemPowerStatus"", ""GetVolumeInformationA"", ""GetWindowsDirectoryA"", ""Process32First"", ""GetLocaleInfoA"", ""GetUserDefaultLocaleName"", ""GetModuleFileNameA"", ""DeleteFileA"", ""FindNextFileA"", ""LocalFree"", ""FindClose"", ""SetEnvironmentVariableA"", ""LocalAlloc"", ""GetFileSizeEx"", ""ReadFile"", ""SetFilePointer"", ""WriteFile"", ""CreateFileA"", ""FindFirstFileA"", ""VirtualProtect"", ""GetLogicalProcessorInformationEx"", ""GetLastError"", ""lstrcpynA"", ""MultiByteToWideChar"", ""GlobalFree"", ""WideCharToMultiByte"", ""GlobalAlloc"", ""OpenProcess"", ""TerminateProcess"", ""GetCurrentProcessId"", ""gdiplus.dll"", ""ole32.dll"", ""bcrypt.dll"", ""wininet.dll"", ""shlwapi.dll"", ""shell32.dll"", ""psapi.dll"", ""rstrtmgr.dll"", 
""CreateCompatibleBitmap"", ""SelectObject"", ""BitBlt"", ""DeleteObject"", ""CreateCompatibleDC"", ""GdipGetImageEncodersSize"", ""GdipGetImageEncoders"", ""GdipCreateBitmapFromHBITMAP"", ""GdiplusStartup"", ""GdiplusShutdown"", ""GdipSaveImageToStream"", ""GdipDisposeImage"", ""GdipFree"", ""GetHGlobalFromStream"", ""CreateStreamOnHGlobal"", ""CoUninitialize"", ""CoInitialize"", ""CoCreateInstance"", ""BCryptGenerateSymmetricKey"", ""BCryptCloseAlgorithmProvider"", ""BCryptDecrypt"", ""BCryptSetProperty"", ""BCryptDestroyKey"", ""BCryptOpenAlgorithmProvider"", ""GetWindowRect"", ""GetDesktopWindow"", ""GetDC"", ""wsprintfA"", ""EnumDisplayDevicesA"", ""GetKeyboardLayoutList"", ""CharToOemW"", ""wsprintfW"", ""RegQueryValueExA"", ""RegEnumKeyExA"", ""RegOpenKeyExA"", ""RegCloseKey"", ""RegEnumValueA"", ""CryptBinaryToStringA"", ""CryptUnprotectData"", ""SHGetFolderPathA"", ""ShellExecuteExA"", ""InternetOpenUrlA"", ""InternetConnectA"", ""InternetCloseHandle"", ""InternetOpenA"", ""HttpSendRequestA"", ""HttpOpenRequestA"", ""InternetReadFile"", ""InternetCrackUrlA"", ""StrCmpCA"", ""StrStrA"", ""StrCmpCW"", ""PathMatchSpecA"", ""GetModuleFileNameExA"", ""RmStartSession"", ""RmRegisterResources"", ""RmGetList"", ""RmEndSession"", ""sqlite3_open"", ""sqlite3_prepare_v2"", ""sqlite3_step"", ""sqlite3_column_text"", ""sqlite3_finalize"", ""sqlite3_close"", ""sqlite3_column_bytes"", ""sqlite3_column_blob"", ""encrypted_key"", ""PATH"", ""C:\\ProgramData\\nss3.dll"", ""NSS_Init"", ""NSS_Shutdown"", ""PK11_GetInternalKeySlot"", ""PK11_FreeSlot"", ""PK11SDR_Decrypt"", ""C:\\ProgramData\\"", ""SELECT origin_url, username_value, password_value FROM logins"", ""Soft: "", ""profile: "", ""Host: "", ""Login: "", ""Password: "", ""Opera"", ""OperaGX"", ""Network"", ""Cookies"", "".txt"", ""SELECT HOST_KEY, is_httponly, path, is_secure, (expires_utc/1000000)-11644480800, name, encrypted_value from cookies"", ""TRUE"", ""FALSE"", ""Autofill"", ""SELECT name, value FROM 
autofill"", ""History"", ""SELECT url FROM urls LIMIT 1000"", ""CC"", ""SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards"", ""Name: "", ""Month: "", ""Year: "", ""Card: "", ""Cookies"", ""Login Data"", ""Web Data"", ""History"", ""logins[.]json"", ""formSubmitURL"", ""usernameField"", ""encryptedUsername"", ""encryptedPassword"", ""guid"", ""SELECT host, isHttpOnly, path, isSecure, expiry, name, value FROM moz_cookies"", ""SELECT fieldname, value FROM moz_formhistory"", ""SELECT url FROM moz_places LIMIT 1000"", ""cookies[.]sqlite"", ""formhistory[.]sqlite"", ""places[.]sqlite"", ""Plugins"", ""Local Extension Settings"", ""Sync Extension Settings"", ""IndexedDB"", ""Opera GX Stable"", ""CURRENT"", ""chrome-extension_"", ""_0.indexeddb[.]leveldb"", ""Local State"", ""profiles[.]ini"", ""chrome"", ""opera"", ""firefox"", ""Wallets"", ""%08lX%04lX%lu"", ""SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"", ""ProductName"", ""x32"", ""x64"", ""%d/%d/%d %d:%d:%d"", ""HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0"", ""ProcessorNameString"", ""SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"", ""DisplayName"", ""DisplayVersion"", ""freebl3.dll"", ""mozglue.dll"", ""msvcp140.dll"", ""nss3.dll"", ""softokn3.dll"", ""vcruntime140.dll"", ""\\Temp\\"", "".exe"", ""runas"", ""open"", ""/c start "", ""%DESKTOP%"", ""%APPDATA%"", ""%LOCALAPPDATA%"", ""%USERPROFILE%"", ""%DOCUMENTS%"", ""%PROGRAMFILES%"", ""%PROGRAMFILES_86%"", ""%RECENT%"", ""*.lnk"", ""Files"", ""\\discord\\"", ""\\Local Storage\\leveldb\\CURRENT"", ""\\Local Storage\\leveldb"", ""\\Telegram Desktop\\"", ""D877F783D5D3EF8C*"", ""map*"", ""A7FDF864FBC10B77*"", ""A92DAA6EA6F891F2*"", ""F8806DD0C461824F*"", ""Telegram"", ""Tox"", ""*.tox"", ""*.ini"", ""Password"", ""Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", 
""Software\\Microsoft\\Office\\13.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Office\\14.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Office\r.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Office\u000e.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676\\"", ""00000001"", ""00000002"", ""00000003"", ""00000004"", ""\\Outlook\\accounts[.]txt"", ""Pidgin"", ""\\.purple\\"", ""accounts[.]xml"", ""dQw4w9WgXcQ"", ""token: "", ""Software\\Valve\\Steam"", ""SteamPath"", ""\\config\\"", ""ssfn*"", ""config[.]vdf"", ""DialogConfig[.]vdf"", ""DialogConfigOverlay*.vdf"", ""libraryfolders[.]vdf"", ""loginusers[.]vdf"", ""\\Steam\\"", ""sqlite3.dll"", ""browsers"", ""done"", ""Soft"", ""\\Discord\\tokens[.]txt"", ""/c timeout /t 5 & del /f /q \"""", ""\"" & del \""C:\\ProgramData\\*.dll\""\"" & exit"", ""C:\\Windows\\system32\\cmd.exe"", ""https"", ""Content-Type: multipart/form-data; boundary=----"", ""HTTP/1.1"", ""Content-Disposition: form-data; name=\"""", ""hwid"", ""build"", ""token"", ""file_name"", ""file"", ""message"", ""ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"", ""screenshot[.]jpg""], ""non_standard"": {""dead_drop"": [], ""version"": ""8.7""}}","hXXps://steamcommunity[.]com/profiles/76561199658817715,hXXps://t[.]me/sa9ok",de9b6ac899e7fc69f55a36e15bcd05fe,
2a4a5dd292f61bc749a25978da5db1f25a1b399a6d739305a5625c9c3c430918,MTGNSGNADS,5/23/2024,Rhadamanthys,NONE,,,
2b1b8be71aeb2a4b42444bc53bf660c76a5d4ccaaaffb92b602cc6ab0366202d,Sep peSpe,9/11/2024,XWorm,"{""c2"": [""saviloe24.duckdns[.]org"", ""154[.]216.17.204""], ""port"": [""7000""], ""campaign"": """", ""mutex"": ""gv7T2KuFMju7tEJ9"", ""non_standard"": {""KEY"": ""111qqq"", ""SPL"": ""<Xwormmm>"", ""Sleep"": ""3"", ""Groub"": ""XWorm V5.6"", ""USBNM"": ""USB.exe"", ""mutex"": ""gv7T2KuFMju7tEJ9""}}","saviloe24.duckdns[.]org,154[.]216.17.204",,gv7T2KuFMju7tEJ9
2b74c2685d3bc1504f20bb93af1a0bf3fb3ec2090b3298b8f025be4550789859,hoLME2tcOtc,10/21/2024,Vidar,"{""c2"": [""hXXps://65[.]109.243.0""], ""port"": [], ""campaign"": """", ""mutex"": """", ""Strings"": [], ""non_standard"": {""dead_drop"": [""hXXps://t[.]me/lpnjoke"", ""hXXps://steamcommunity[.]com/profiles/76561199786602107""]}}",hXXps://65[.]109.243.0,,
2be849154e91a1aa43a1914c7253f08f0029854d309ab4e3d0e264a7424ee8cc,Sep peSpe,9/6/2024,XenoRat,"{""c2"": ""raven123.ddnsgeek[.]com"", ""port"": 4111, ""campaign"": """", ""mutex"": ""Xeno_rat_nd7512d"", ""non_standard"": {""EncryptionKey"": ""A6xnQhbz4Vx2HuGl4lXwZ5U2I8iziLRFnhP5eNfIRvQ="", ""delay"": 5000, ""DoStartup"": 2222, ""Install_path"": ""appdata"", ""startup_name"": ""nothingset""}}",raven123.ddnsgeek[.]com,,Xeno_rat_nd7512d
2c9b999f3cb82c127bd9bad395dc73304bbddc1015de617cae367dc749e24703,GGGSADEFFTL,8/18/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""dxpam.duckdns[.]org""], ""port"": [""5999""], ""campaign"": ""Default"", ""mutex"": ""DcRatMutex_qwqdanchun"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""anZMdEVsYU1yVHdNeFAxUFAzOFBTZk8xSURxbzRDUzU="", ""MTX"": ""DcRatMutex_qwqdanchun"", ""Certifi_cate"": ""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"", ""Server_signa_ture"": ""eROjiuz0PWs+xgxamB7sdm3kB9OKtq8I1pPHgtkdiF0h9pw4eJzyp0fCw7zAO7/Q6+ftDqxvY+0OnHCoiErkMARDy55VYX6/gB5S0xXaoVgAqsvboJJN7EtFrwNTMUTPnslStHIwjEI/4a7JpzD5BLO0KCD9qZ2yVxSo7MwJXPE="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""Default"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",dxpam.duckdns[.]org,Default,DcRatMutex_qwqdanchun
2f06e10b7dbdad33adbdbad7411c1fb31924d183ae29d7a5e1eb9bba256edcc8,OiuDa3tcOtc,10/31/2024,Remcos,"{""c2"": [""libardino.linkpc[.]net:3019""], ""port"": [], ""campaign"": ""GRIS"", ""mutex"": ""iubefjnwlefnbjwelf-FJ9SFE"", ""non_standard"": {""c2_list"": ""libardino.linkpc[.]net:3019:0\u001e"", ""botnet"": ""GRIS"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""500000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""iubefjnwlefnbjwelf-FJ9SFE"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""registros[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Capturas de pantalla"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 1, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""datos"", ""enable_watchdog_flag"": 0, ""license"": ""B6C491A32A67ABEAF5119B1E1658CBF5"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": """", 
""tls_key"": """", ""tls_raw_peer_certificate"": """"}}",libardino.linkpc[.]net:3019,GRIS,iubefjnwlefnbjwelf-FJ9SFE
2f35dcd0ee4728492a3917d42b10893a8d44f71e774b058e99aca87de8fd76a3,,9/21/2024,Remcos,"{""c2"": [""septiembre16.con-ip[.]com:7771""], ""port"": [], ""campaign"": ""ACTITUD"", ""mutex"": ""Rmc-C5N17C"", ""non_standard"": {""c2_list"": ""septiembre16.con-ip[.]com:7771:1\u001e"", ""botnet"": ""ACTITUD"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-C5N17C"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""E72B904DDBEB179C52FD89AFD403808C"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICEEXRPyHAU+i0XClFtLLozd0wCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgzAKBggqhkjOPQQDAgNIADBFAiBUcWvaxuUnpbxlhTmWEcnNtczlEXkRbUYoYCN+2VEZ1AIhALym5a5Ib2YXMN1rGi3FQzTjiXDMfTh6IufwChk8n/N9"", ""tls_key"": ""MHcCAQEEILUsPsd+8u6gorQ6vplb6DQet9vOAwT8PHYYn7RI4380oAoGCCqGSM49AwEHoUQDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgw=="", ""tls_raw_peer_certificate"": ""MIIBADCBpqADAgECAhA1EEVwbinJOEquCzdLDyBzMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBDpkDyifvMvFU5G4T3X4NPgXSbjGygT9OXvKUN63IttHTejMFBes+ICPd+lF2i9ExWAYDh5oBbrexLrzNGdz3swCgYIKoZIzj0EAwIDSQAwRgIhAPHte18FxAxdCBRRd8kvfkylLF5k+QOnpkoeqXwRtdOWAiEA00CVbIQ6r4v8EeB0rQ5nIFgk+SYWWjNa+B3sBZoNlzY=""}}",septiembre16.con-ip[.]com:7771,ACTITUD,Rmc-C5N17C
304eedf0c5b7d5fab844104a704741e6c9d4ebcb8515d19e85db979668bc3cb8,Edwardsigunecia,9/9/2024,HeartCrypt (Nested Payload),NONE,,,
310d4ec3b694aa3503a8d5a5adddbe1c0d87935b0fa01e640b0df602c1505234,GGGSADEFFTL,8/24/2024,njRat,NONE,,,
311934efae99b694091136c03c7277823018818578c5993e77ddbedd3ae1a166,OiuDa3tcOtc,10/31/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""word8328.duckdns[.]org""], ""port"": [""8328""], ""campaign"": ""ZZZ-oct-31"", ""mutex"": ""DcRatMutex_qwqdanchun"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""SVFjdjFvY0xTZ0NUUVpNTFp0SXJ0V090dVVPWDVPSGo="", ""MTX"": ""DcRatMutex_qwqdanchun"", ""Certifi_cate"": ""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"", ""Server_signa_ture"": ""czHNNutVfd5y0q13T91EqOdipBIY2aKFIkyhh1BzLopZR5Jmk+2Nw3daWxQIdHYujEiNaxwmhdlwT+GZUc5TADp3tVt+osq2/6dnG56zfjSnQxgxf44d8WzfEWluyzZ+CCq8h/7dT3/z0NNxNf2J2N+VBzQPwM9qOBF1km2u8H4="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""ZZZ-oct-31"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",word8328.duckdns[.]org,ZZZ-oct-31,DcRatMutex_qwqdanchun
3301f2b58611f44949aa360520806090aeabd3eb88cfbddce254579ff7966e04,b66dd5sss,1/6/2024,Remcos,"{""c2"": [""127[.]0.0.1:2404""], ""port"": [], ""campaign"": ""RemoteHost"", ""mutex"": ""Rmc-52SPIJ"", ""non_standard"": {""c2_list"": ""127[.]0.0.1:2404:1\u001e"", ""botnet"": ""RemoteHost"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-52SPIJ"", ""keylogger_mode"": 0, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 2, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": """", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICECyq0dC6qQr+Hv2V9QM3uqcwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdrdLQy42Mpn3IIYRJ2M3+yF21CLyLrOnzJYt9pkS9tD25/19cz99/hh6XbCh/X6lkduGZSLQOrKNIRElI58SZTAKBggqhkjOPQQDAgNIADBFAiEAsNMXIJvWxp997X+wkfoZ+aNRQ/F+y4UKwth7Vn9PPnsCIEy6sU5zohMDu7YRBxvrBk12twTKU7msOfRjcZPv8XLQ"", ""tls_key"": ""MHcCAQEEIPh5Cln/kkGKIQHHvBEywdytsvdqHkePDPk5Ud/t9sAJoAoGCCqGSM49AwEHoUQDQgAEdrdLQy42Mpn3IIYRJ2M3+yF21CLyLrOnzJYt9pkS9tD25/19cz99/hh6XbCh/X6lkduGZSLQOrKNIRElI58SZQ=="", ""tls_raw_peer_certificate"": ""MIH+MIGmoAMCAQICEG3vLiwgsA2EwhiaFtqI9IQwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwP4wsetvUB9BVeB5KGkhFjJJoBjHvOcr3civBrd7vSVCfdzC45I1JUkFbE/V0Cvr3Srw9Govd0OBlmaqWZM0ZjAKBggqhkjOPQQDAgNHADBEAiA+k1x/mgOuo3xlHJ81zNOx/7FqyAa+NzPTyQQOJVWDcAIgNOovDbZqGlCN19pFZjYwqJecVDlCfKe+1zDwKfkvYmw=""}}",127[.]0.0.1:2404,RemoteHost,Rmc-52SPIJ
337a0dff907453cd0d54ac5ecf32647e65862a3022c214ddbca0403975536b02,Aug111guAgu,8/16/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""perezedc95.duckdns[.]org""], ""port"": [""4040""], ""campaign"": ""agosto 16"", ""mutex"": ""firewallrtfghyulgsmmkliyrefdswaqbloi"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": ""firewall"", ""Key"": ""ajBWcnlUUVpWbnVSVEY2YW9xSUwzVjIxMEw0Y09ZU2I="", ""MTX"": ""firewallrtfghyulgsmmkliyrefdswaqbloi"", ""Certifi_cate"": ""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"", ""Server_signa_ture"": ""EPoF1cqstfUmLSNoKWNITVscySpzVP7cURZvRYWFBVfHiI0thwzwzxxs0NqjxjeKhlyIL7koxas/EvWRYvK9u+WwgIFl85+x3HfgWxKC3vrquN5hiJ/Mi9oDgridlw2Z0jZ21bX07FQaLm9TJp4S17zjjhllZ2AiM4sPwoAeTRs="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""15"", ""Group"": ""agosto 16"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",perezedc95.duckdns[.]org,agosto 16,firewallrtfghyulgsmmkliyrefdswaqbloi
337ea5023b686cef1161d504abcd0e313eac5bfb586738a7a99d005f3899db77,gasgff34534c,4/14/2024,XWorm,"{""c2"": [""194[.]110.172.149""], ""port"": [""7705""], ""campaign"": """", ""mutex"": ""ie6TxRDTVoVEUmOQ"", ""non_standard"": {""KEY"": ""<123456789>"", ""SPL"": ""<Xwormmm>"", ""Sleep"": ""3"", ""Groub"": ""TomBots"", ""USBNM"": ""USB.exe"", ""mutex"": ""ie6TxRDTVoVEUmOQ""}}",194[.]110.172.149,,ie6TxRDTVoVEUmOQ
34889881131cb905767fea3314047acf036c05dd2c5a199ecec0de4a5230c1d5,XsxLO1tcOtc,10/16/2024,Remcos,"{""c2"": [""assaasjdnsubdcdy.con-ip[.]com:1667""], ""port"": [], ""campaign"": ""Voltarger"", ""mutex"": ""Rmc-6611TX"", ""non_standard"": {""c2_list"": ""assaasjdnsubdcdy.con-ip[.]com:1667:1\u001e"", ""botnet"": ""Voltarger"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-6611TX"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""86CDB103BEE8F4F4E4BB432E59BB138D"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICEEXRPyHAU+i0XClFtLLozd0wCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgzAKBggqhkjOPQQDAgNIADBFAiBUcWvaxuUnpbxlhTmWEcnNtczlEXkRbUYoYCN+2VEZ1AIhALym5a5Ib2YXMN1rGi3FQzTjiXDMfTh6IufwChk8n/N9"", ""tls_key"": ""MHcCAQEEILUsPsd+8u6gorQ6vplb6DQet9vOAwT8PHYYn7RI4380oAoGCCqGSM49AwEHoUQDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgw=="", ""tls_raw_peer_certificate"": ""MIIBADCBpqADAgECAhA1EEVwbinJOEquCzdLDyBzMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBDpkDyifvMvFU5G4T3X4NPgXSbjGygT9OXvKUN63IttHTejMFBes+ICPd+lF2i9ExWAYDh5oBbrexLrzNGdz3swCgYIKoZIzj0EAwIDSQAwRgIhAPHte18FxAxdCBRRd8kvfkylLF5k+QOnpkoeqXwRtdOWAiEA00CVbIQ6r4v8EeB0rQ5nIFgk+SYWWjNa+B3sBZoNlzY=""}}",assaasjdnsubdcdy.con-ip[.]com:1667,Voltarger,Rmc-6611TX
34c10230a2a1c5a92f3a3aee064fe14f653703719f9ab479fc57c853cb388190,LStAFAGTUEACCCb,10/1/2024,Vidar,"{""c2"": [""hXXps://49[.]12.197.9"", ""hXXps://49[.]12.106.214""], ""port"": [], ""campaign"": """", ""mutex"": """", ""Strings"": [], ""non_standard"": {""dead_drop"": [""hXXps://t[.]me/ae5ed"", ""hXXps://steamcommunity[.]com/profiles/76561199780418869""]}}","hXXps://49[.]12.197.9,hXXps://49[.]12.106.214",,
366effe5cdcdb1a27d7ded62d1bad9e75ec4be18e6315134208c076b5e73df32,CFgFEFSATTPFFEA,10/7/2024,PureCrypt,NONE,,,
368e1391adb5f1c558033a5eb1436fc16661924e7016b56d94dc19defc21d9e3,GGGSADEFFTL,7/25/2024,Vidar,"{""c2"": [""hXXps://5[.]75.253.161""], ""port"": [], ""campaign"": ""81c264a95a2a254a5a3aed4b39eeab80"", ""mutex"": """", ""Strings"": [""INSERT_KEY_HERE"", ""GetProcAddress"", ""lstrcatA"", ""OpenEventA"", ""CloseHandle"", ""Sleep"", ""GetUserDefaultLangID"", ""VirtualAllocExNuma"", ""VirtualFree"", ""GetSystemInfo"", ""HeapAlloc"", ""GetComputerNameA"", ""lstrcpyA"", ""GetProcessHeap"", ""GetCurrentProcess"", ""lstrlenA"", ""ExitProcess"", ""GlobalMemoryStatusEx"", ""GetSystemTime"", ""SystemTimeToFileTime"", ""gdi32.dll"", ""user32.dll"", ""crypt32.dll"", ""ntdll.dll"", ""CreateDCA"", ""GetDeviceCaps"", ""ReleaseDC"", ""CryptStringToBinaryA"", ""sscanf"", ""NtQueryInformationProcess"", ""HAL9TH"", ""JohnDoe"", ""DISPLAY"", ""%hu/%hu/%hu"", ""GetEnvironmentVariableA"", ""GetFileAttributesA"", ""GlobalLock"", ""GlobalSize"", ""CreateToolhelp32Snapshot"", ""IsWow64Process"", ""Process32Next"", ""GetLocalTime"", ""GetTimeZoneInformation"", ""GetSystemPowerStatus"", ""GetVolumeInformationA"", ""Process32First"", ""GetLocaleInfoA"", ""GetUserDefaultLocaleName"", ""GetModuleFileNameA"", ""FindNextFileA"", ""SetEnvironmentVariableA"", ""LocalAlloc"", ""GetFileSizeEx"", ""SetFilePointer"", ""FindFirstFileA"", ""VirtualProtect"", ""GetLogicalProcessorInformationEx"", ""GetLastError"", ""MultiByteToWideChar"", ""GlobalFree"", ""WideCharToMultiByte"", ""TerminateProcess"", ""GetCurrentProcessId"", ""rstrtmgr.dll"", ""CreateCompatibleBitmap"", ""SelectObject"", ""BitBlt"", ""DeleteObject"", ""CreateCompatibleDC"", ""GdipGetImageEncodersSize"", ""GdipGetImageEncoders"", ""GdipCreateBitmapFromHBITMAP"", ""GdiplusStartup"", ""GdiplusShutdown"", ""GdipSaveImageToStream"", ""GdipDisposeImage"", ""GetHGlobalFromStream"", ""CreateStreamOnHGlobal"", ""CoUninitialize"", ""CoInitialize"", ""CoCreateInstance"", ""BCryptGenerateSymmetricKey"", ""BCryptCloseAlgorithmProvider"", 
""BCryptDecrypt"", ""BCryptSetProperty"", ""BCryptDestroyKey"", ""BCryptOpenAlgorithmProvider"", ""GetWindowRect"", ""GetDesktopWindow"", ""GetDC"", ""EnumDisplayDevicesA"", ""GetKeyboardLayoutList"", ""CharToOemW"", ""RegQueryValueExA"", ""RegEnumKeyExA"", ""RegOpenKeyExA"", ""RegEnumValueA"", ""CryptBinaryToStringA"", ""CryptUnprotectData"", ""SHGetFolderPathA"", ""InternetOpenUrlA"", ""InternetConnectA"", ""InternetCloseHandle"", ""InternetOpenA"", ""HttpSendRequestA"", ""HttpOpenRequestA"", ""InternetReadFile"", ""InternetCrackUrlA"", ""StrStrA"", ""PathMatchSpecA"", ""GetModuleFileNameExA"", ""RmStartSession"", ""RmRegisterResources"", ""RmEndSession"", ""sqlite3_open"", ""sqlite3_prepare_v2"", ""sqlite3_step"", ""sqlite3_column_text"", ""sqlite3_finalize"", ""sqlite3_close"", ""sqlite3_column_bytes"", ""sqlite3_column_blob"", ""encrypted_key"", ""PATH"", ""C:\\ProgramData\\nss3.dll"", ""NSS_Shutdown"", ""PK11_GetInternalKeySlot"", ""PK11_FreeSlot"", ""PK11_Authenticate"", ""PK11SDR_Decrypt"", ""C:\\ProgramData\\"", ""SELECT origin_url, username_value, password_value FROM logins"", ""Soft: "", ""Host: "", ""Login: "", ""Password: "", ""Opera"", ""OperaGX"", ""Network"", ""Cookies"", "".txt"", ""TRUE"", ""FALSE"", ""SELECT name, value FROM autofill"", ""History"", ""SELECT url FROM urls LIMIT 1000"", ""CC"", ""SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards"", ""Name: "", ""Month: "", ""Year: "", ""Card: "", ""Cookies"", ""Login Data"", ""History"", ""formSubmitURL"", ""usernameField"", ""encryptedUsername"", ""encryptedPassword"", ""guid"", ""SELECT host, isHttpOnly, path, isSecure, expiry, name, value FROM moz_cookies"", ""SELECT fieldname, value FROM moz_formhistory"", ""SELECT url FROM moz_places LIMIT 1000"", ""cookies[.]sqlite"", ""formhistory[.]sqlite"", ""places[.]sqlite"", ""Plugins"", ""Local Extension Settings"", ""Sync Extension Settings"", ""Opera Stable"", ""Opera GX Stable"", ""CURRENT"", 
""chrome-extension_"", ""_0.indexeddb[.]leveldb"", ""profiles[.]ini"", ""chrome"", ""opera"", ""firefox"", ""Wallets"", ""%08lX%04lX%lu"", ""SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"", ""x64"", ""%d/%d/%d %d:%d:%d"", ""HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0"", ""ProcessorNameString"", ""SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"", ""DisplayVersion"", ""msvcp140.dll"", ""softokn3.dll"", ""vcruntime140.dll"", ""\\Temp\\"", "".exe"", ""runas"", ""open"", ""%LOCALAPPDATA%"", ""%USERPROFILE%"", ""%PROGRAMFILES%"", ""%PROGRAMFILES_86%"", ""*.lnk"", ""Files"", ""\\Local Storage\\leveldb\\CURRENT"", ""\\Local Storage\\leveldb"", ""\\Telegram Desktop\\"", ""D877F783D5D3EF8C*"", ""map*"", ""A7FDF864FBC10B77*"", ""A92DAA6EA6F891F2*"", ""F8806DD0C461824F*"", ""Tox"", ""*.tox"", ""*.ini"", ""Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Office\\13.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Office\\14.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Office\u000e.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676\\"", ""\\Outlook\\accounts[.]txt"", ""Pidgin"", ""accounts[.]xml"", ""token: "", ""Software\\Valve\\Steam"", ""ssfn*"", ""config[.]vdf"", ""DialogConfig[.]vdf"", ""DialogConfigOverlay*.vdf"", ""libraryfolders[.]vdf"", ""loginusers[.]vdf"", ""\\Steam\\"", ""\\Discord\\tokens[.]txt"", ""/c timeout /t 5 & del /f /q \"""", ""\"" & del \""C:\\ProgramData\\*.dll\""\"" & exit"", ""C:\\Windows\\system32\\cmd.exe"", ""Content-Type: multipart/form-data; boundary=----"", ""Content-Disposition: form-data; name=\"""", ""build"", ""token"", ""message"", ""ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"", ""screenshot[.]jpg""], ""non_standard"": 
{""dead_drop"": [""hXXps://steamcommunity[.]com/profiles/76561199743486170"", ""hXXps://t[.]me/s41l0""], ""version"": ""10.5""}}",hXXps://5[.]75.253.161,81c264a95a2a254a5a3aed4b39eeab80,
37a5b1ebe01fca754b6878ae5040d7ebe179eaa7701fbe937888f5be1248e83d,5dsadas435235bgdsgdfbvb3253453425345gfdsgfdgdf,3/15/2024,Remcos,"{""c2"": [""fenvijsdfidfisdiodwhfuew.con-ip[.]com:1997""], ""port"": [], ""campaign"": ""FRIOO"", ""mutex"": ""Rmc-N75JY7"", ""non_standard"": {""c2_list"": ""fenvijsdfidfisdiodwhfuew.con-ip[.]com:1997:1\u001e"", ""botnet"": ""FRIOO"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-N75JY7"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""0D8C3C4C423A1D4F37D3E60828A45BCF"", ""enable_screenshot_mouse_drawing_flag"": 0, 
""tls_raw_certificate"": ""MIH/MIGmoAMCAQICEEXRPyHAU+i0XClFtLLozd0wCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgzAKBggqhkjOPQQDAgNIADBFAiBUcWvaxuUnpbxlhTmWEcnNtczlEXkRbUYoYCN+2VEZ1AIhALym5a5Ib2YXMN1rGi3FQzTjiXDMfTh6IufwChk8n/N9"", ""tls_key"": ""MHcCAQEEILUsPsd+8u6gorQ6vplb6DQet9vOAwT8PHYYn7RI4380oAoGCCqGSM49AwEHoUQDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgw=="", ""tls_raw_peer_certificate"": ""MIIBADCBpqADAgECAhA1EEVwbinJOEquCzdLDyBzMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBDpkDyifvMvFU5G4T3X4NPgXSbjGygT9OXvKUN63IttHTejMFBes+ICPd+lF2i9ExWAYDh5oBbrexLrzNGdz3swCgYIKoZIzj0EAwIDSQAwRgIhAPHte18FxAxdCBRRd8kvfkylLF5k+QOnpkoeqXwRtdOWAiEA00CVbIQ6r4v8EeB0rQ5nIFgk+SYWWjNa+B3sBZoNlzY=""}}",fenvijsdfidfisdiodwhfuew.con-ip[.]com:1997,FRIOO,Rmc-N75JY7
37f4db3ec19120703cdfc716656e2af547088802c264bcaa34806cb4b2612d19,gasgff34534c,8/20/2024,JasonStealer,NONE,,,
3878a0e50206a6d660b7234483c9d79c8db99c23d2fc281f09435bee25edd577,MTGNSGNADS,7/3/2024,LummaStealer,"{""c2"": [""smallelementyjdui[.]shop"", ""prideconstituiiosjk[.]shop"", ""minorittyeffeoos[.]shop"", ""appetitesallooonsj[.]shop"", ""headraisepresidensu[.]shop"", ""tendencyportionjsuk[.]shop"", ""lineagelasserytailsd[.]shop"", ""sofaprivateawarderysj[.]shop"", ""sloganprogrevidefkso[.]shop""], ""port"": [], ""campaign"": ""pZNyA8--ALinh"", ""mutex"": """", ""non_standard"": {}}","smallelementyjdui[.]shop,prideconstituiiosjk[.]shop,minorittyeffeoos[.]shop,appetitesallooonsj[.]shop,headraisepresidensu[.]shop,tendencyportionjsuk[.]shop,lineagelasserytailsd[.]shop,sofaprivateawarderysj[.]shop,sloganprogrevidefkso[.]shop",pZNyA8--ALinh,
39a55348da6772b444792bb09282c7450010850442d6c00b7a8f04a9eaf96226,oEODf2tcOtc,10/25/2024,Remcos,"{""c2"": [""9238db8un3ifd32d3423fwdsx.ydns[.]eu:5023""], ""port"": [], ""campaign"": ""25==OCT--2024 NUEVO"", ""mutex"": ""Rmc-GTNQ3M"", ""non_standard"": {""c2_list"": ""9238db8un3ifd32d3423fwdsx.ydns[.]eu:5023:1\u001e"", ""botnet"": ""25==OCT--2024 NUEVO"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-GTNQ3M"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 1, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""67AC5211C5815C7EFECCB748C0A1748F"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIIBADCBpqADAgECAhA/bK072R8ULSeOSr5wUkeEMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABA6VI2iU8kQnjaxGQYZ1oOLiaXXpoQjtj7hJtuy1r3G/TBrRcCL/wyrO0LmSJpiu7EB437pCrDvLOwjUeG7tMkYwCgYIKoZIzj0EAwIDSQAwRgIhAOSn37JeyD+DIWNHGE1xcYdm1RrQ8TT8hiLd9UIfm9uuAiEA7GC6L19W5lN5cfD3Rh2Ior++WuiLxQwnvw7H9AP/egA="", ""tls_key"": ""MHcCAQEEIJG09kVEQDINj8+wjHIe85JcOXQro5U9++N24NOCtOYMoAoGCCqGSM49AwEHoUQDQgAEDpUjaJTyRCeNrEZBhnWg4uJpdemhCO2PuEm27LWvcb9MGtFwIv/DKs7QuZImmK7sQHjfukKsO8s7CNR4bu0yRg=="", ""tls_raw_peer_certificate"": ""MIH/MIGmoAMCAQICED1NkqG7jUVs6UE+9lfC9FgwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECd6OUnfQld2gC9x8EQRhtR8SxJVg8oG9XKYRGj3Bl2o3nxXg5UX+DJrxL2ck0tBmDDoUhbl6AoiS4LqLq0jehDAKBggqhkjOPQQDAgNIADBFAiBPs4LgiRbRQ2McVsYAzfd/Q/h5nMAd2ZznwiDFiFSGBQIhANcDTxlBaY+lmnofU7TMD8RRqIs9H3Tqnu3QRNLrm6d0""}}",9238db8un3ifd32d3423fwdsx.ydns[.]eu:5023,25==OCT--2024 NUEVO,Rmc-GTNQ3M
3a45d80180a157ec0aa70298d5eef0cbc13740fcf6323f705bfc10525cb217a8,MTGNSGNADS,5/15/2024,LummaStealer,"{""c2"": [""smallelementyjdui[.]shop"", ""prideconstituiiosjk[.]shop"", ""minorittyeffeoos[.]shop"", ""appetitesallooonsj[.]shop"", ""headraisepresidensu[.]shop"", ""tendencyportionjsuk[.]shop"", ""lineagelasserytailsd[.]shop"", ""sofaprivateawarderysj[.]shop"", ""wastwfulldashiwnjs[.]shop""], ""port"": [], ""campaign"": ""JNrMLk--cript400"", ""mutex"": """", ""non_standard"": {}}","smallelementyjdui[.]shop,prideconstituiiosjk[.]shop,minorittyeffeoos[.]shop,appetitesallooonsj[.]shop,headraisepresidensu[.]shop,tendencyportionjsuk[.]shop,lineagelasserytailsd[.]shop,sofaprivateawarderysj[.]shop,wastwfulldashiwnjs[.]shop",JNrMLk--cript400,
3c5859206c81aaf8e9ae611f380aea0185dc67746410589b0ea77bc991c1d265,Edwardsigunecia,8/28/2024,JasonStealer,NONE,,,
3cdb3d9f4ea6e815270433385d7f8a1a4432aa18f11411cf7719fa58671f26ed,Aug222guAgu,10/4/2024,AstolfoLoader,NONE,,,
3d47f583cdcd3a9e04a33f93333dd38b382fd3b7c82cfc7e09cb8dad5beecfe7,,3/13/2024,Vidar,NONE,,,
3d7c57fd5e035b159d4f1460989924756a725db772787cf8ad67d543c510fe54,43423fdasfdasfa32143242,3/18/2024,WarzoneRat,"{""c2"": [""l34d3r.duckdns[.]org""], ""port"": [4047], ""campaign"": """", ""mutex"": """", ""non_standard"": {""warzone_id"": ""BBE9PTXBVB""}}",l34d3r.duckdns[.]org,,
3e6642f7100bb72137d68b5aa34a2d1f1a75722ab7d2b15987bbdeb84bc3265e,GGXGTGGCXTL,7/14/2024,Remcos,"{""c2"": [""127[.]0.0.1:2404""], ""port"": [], ""campaign"": ""RemoteHost"", ""mutex"": ""Rmc-52SPIJ"", ""non_standard"": {""c2_list"": ""127[.]0.0.1:2404:1\u001e"", ""botnet"": ""RemoteHost"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-52SPIJ"", ""keylogger_mode"": 0, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 2, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": """", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICECyq0dC6qQr+Hv2V9QM3uqcwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdrdLQy42Mpn3IIYRJ2M3+yF21CLyLrOnzJYt9pkS9tD25/19cz99/hh6XbCh/X6lkduGZSLQOrKNIRElI58SZTAKBggqhkjOPQQDAgNIADBFAiEAsNMXIJvWxp997X+wkfoZ+aNRQ/F+y4UKwth7Vn9PPnsCIEy6sU5zohMDu7YRBxvrBk12twTKU7msOfRjcZPv8XLQ"", ""tls_key"": ""MHcCAQEEIPh5Cln/kkGKIQHHvBEywdytsvdqHkePDPk5Ud/t9sAJoAoGCCqGSM49AwEHoUQDQgAEdrdLQy42Mpn3IIYRJ2M3+yF21CLyLrOnzJYt9pkS9tD25/19cz99/hh6XbCh/X6lkduGZSLQOrKNIRElI58SZQ=="", ""tls_raw_peer_certificate"": ""MIH+MIGmoAMCAQICEG3vLiwgsA2EwhiaFtqI9IQwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwP4wsetvUB9BVeB5KGkhFjJJoBjHvOcr3civBrd7vSVCfdzC45I1JUkFbE/V0Cvr3Srw9Govd0OBlmaqWZM0ZjAKBggqhkjOPQQDAgNHADBEAiA+k1x/mgOuo3xlHJ81zNOx/7FqyAa+NzPTyQQOJVWDcAIgNOovDbZqGlCN19pFZjYwqJecVDlCfKe+1zDwKfkvYmw=""}}",127[.]0.0.1:2404,RemoteHost,Rmc-52SPIJ
3e6f8a670eb5507fb32d99c8e2ee8ac3dd3a03312793a3ce2c1cbb6eb69e3fd6,5dsadas435235bgdsgdfbvb3253453425345gfdsgfdgdf,2/27/2024,RisePro,"{""c2"": ""91[.]92.244.67:50500"", ""port"": [], ""campaign"": """", ""mutex"": """", ""non_standard"": {}}",91[.]92.244.67:50500,,
3e9dc00f7570354ba5099d43f1df7e6c6703632f24e57d8a58c5d0bbe1f61e4d,HONEYIAMHOME,4/20/2024,Remcos,"{""c2"": [""127[.]0.0.1:2404""], ""port"": [], ""campaign"": ""RemoteHost"", ""mutex"": ""Rmc-52SPIJ"", ""non_standard"": {""c2_list"": ""127[.]0.0.1:2404:1\u001e"", ""botnet"": ""RemoteHost"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-52SPIJ"", ""keylogger_mode"": 0, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 2, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": """", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICECyq0dC6qQr+Hv2V9QM3uqcwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdrdLQy42Mpn3IIYRJ2M3+yF21CLyLrOnzJYt9pkS9tD25/19cz99/hh6XbCh/X6lkduGZSLQOrKNIRElI58SZTAKBggqhkjOPQQDAgNIADBFAiEAsNMXIJvWxp997X+wkfoZ+aNRQ/F+y4UKwth7Vn9PPnsCIEy6sU5zohMDu7YRBxvrBk12twTKU7msOfRjcZPv8XLQ"", ""tls_key"": ""MHcCAQEEIPh5Cln/kkGKIQHHvBEywdytsvdqHkePDPk5Ud/t9sAJoAoGCCqGSM49AwEHoUQDQgAEdrdLQy42Mpn3IIYRJ2M3+yF21CLyLrOnzJYt9pkS9tD25/19cz99/hh6XbCh/X6lkduGZSLQOrKNIRElI58SZQ=="", ""tls_raw_peer_certificate"": ""MIH+MIGmoAMCAQICEG3vLiwgsA2EwhiaFtqI9IQwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwP4wsetvUB9BVeB5KGkhFjJJoBjHvOcr3civBrd7vSVCfdzC45I1JUkFbE/V0Cvr3Srw9Govd0OBlmaqWZM0ZjAKBggqhkjOPQQDAgNHADBEAiA+k1x/mgOuo3xlHJ81zNOx/7FqyAa+NzPTyQQOJVWDcAIgNOovDbZqGlCN19pFZjYwqJecVDlCfKe+1zDwKfkvYmw=""}}",127[.]0.0.1:2404,RemoteHost,Rmc-52SPIJ
3ed1506c27dc92c44fd3b21fdcbd4c196e6190c4de6ec68a5ad2cfedca36e5ce,5dsadas435235bgdsgdfbvb3253453425345gfdsgfdgdf,3/27/2024,XenoRat,"{""c2"": ""0.tcp.ngrok[.]io"", ""port"": 10369, ""campaign"": """", ""mutex"": ""Xeno_rat_nd8912d"", ""non_standard"": {""EncryptionKey"": ""47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU="", ""delay"": 5000, ""DoStartup"": 2222, ""Install_path"": ""appdata"", ""startup_name"": ""nothingset""}}",0.tcp.ngrok[.]io,,Xeno_rat_nd8912d
406ef6e503a9b005af95d6813f239803535eb7d9dab5cac2516b6ae9e3848cce,MTGNSGNADS,5/3/2024,Unknown .NET Loader,NONE,,,
4103fed41f19837a4ac6f6d5c82e82f43c3bf141247e7cac410c4cd93847f969,Sep111peSpe,9/14/2024,HeartCrypt Developer Test Sample,NONE,,,
4237fb3fe85bf5f0c3c19c45ae85f76d0c527cb5d531736a1430f6f8eb10e54a,NACSKKETTAF,7/28/2024,Rhadamanthys,NONE,,,
42a098586b632e65c8b350bab9846eb0943c54ffc6f81c44b18f5d8e772fe36b,DOaEF1tcOtc,10/15/2024,HeartCrypt (Nested Payload),NONE,,,
42c18f233d6e89be69298fecfc935b14a0d69447a22e2a3195e50131261b038e,MENOLOVECROWDSTRIKE,5/21/2024,Vidar,"{""c2"": [""hXXps://t[.]me/copterwin"", ""hXXps://steamcommunity[.]com/profiles/76561199689717899""], ""port"": [], ""campaign"": ""ee0d1ad887302e80e5ec85ff356de25f"", ""mutex"": """", ""Strings"": [""GetProcAddress"", ""LoadLibraryA"", ""lstrcatA"", ""OpenEventA"", ""CreateEventA"", ""CloseHandle"", ""Sleep"", ""GetUserDefaultLangID"", ""VirtualAllocExNuma"", ""VirtualFree"", ""GetSystemInfo"", ""VirtualAlloc"", ""HeapAlloc"", ""GetComputerNameA"", ""lstrcpyA"", ""GetProcessHeap"", ""GetCurrentProcess"", ""lstrlenA"", ""ExitProcess"", ""GlobalMemoryStatusEx"", ""GetSystemTime"", ""SystemTimeToFileTime"", ""advapi32.dll"", ""gdi32.dll"", ""user32.dll"", ""crypt32.dll"", ""ntdll.dll"", ""GetUserNameA"", ""CreateDCA"", ""GetDeviceCaps"", ""ReleaseDC"", ""CryptStringToBinaryA"", ""sscanf"", ""NtQueryInformationProcess"", ""VMwareVMware"", ""HAL9TH"", ""JohnDoe"", ""DISPLAY"", ""%hu/%hu/%hu"", ""GetEnvironmentVariableA"", ""GetFileAttributesA"", ""GlobalLock"", ""HeapFree"", ""GetFileSize"", ""GlobalSize"", ""CreateToolhelp32Snapshot"", ""IsWow64Process"", ""Process32Next"", ""GetLocalTime"", ""FreeLibrary"", ""GetTimeZoneInformation"", ""GetSystemPowerStatus"", ""GetVolumeInformationA"", ""GetWindowsDirectoryA"", ""Process32First"", ""GetLocaleInfoA"", ""GetUserDefaultLocaleName"", ""GetModuleFileNameA"", ""DeleteFileA"", ""FindNextFileA"", ""LocalFree"", ""FindClose"", ""SetEnvironmentVariableA"", ""LocalAlloc"", ""GetFileSizeEx"", ""ReadFile"", ""SetFilePointer"", ""WriteFile"", ""CreateFileA"", ""FindFirstFileA"", ""CopyFileA"", ""VirtualProtect"", ""GetLogicalProcessorInformationEx"", ""GetLastError"", ""lstrcpynA"", ""MultiByteToWideChar"", ""GlobalFree"", ""WideCharToMultiByte"", ""GlobalAlloc"", ""OpenProcess"", ""TerminateProcess"", ""GetCurrentProcessId"", ""gdiplus.dll"", ""ole32.dll"", ""bcrypt.dll"", ""wininet.dll"", ""shlwapi.dll"", ""shell32.dll"", 
""psapi.dll"", ""rstrtmgr.dll"", ""CreateCompatibleBitmap"", ""SelectObject"", ""BitBlt"", ""DeleteObject"", ""CreateCompatibleDC"", ""GdipGetImageEncodersSize"", ""GdipGetImageEncoders"", ""GdipCreateBitmapFromHBITMAP"", ""GdiplusStartup"", ""GdiplusShutdown"", ""GdipSaveImageToStream"", ""GdipDisposeImage"", ""GdipFree"", ""GetHGlobalFromStream"", ""CreateStreamOnHGlobal"", ""CoUninitialize"", ""CoInitialize"", ""CoCreateInstance"", ""BCryptGenerateSymmetricKey"", ""BCryptCloseAlgorithmProvider"", ""BCryptDecrypt"", ""BCryptSetProperty"", ""BCryptDestroyKey"", ""BCryptOpenAlgorithmProvider"", ""GetWindowRect"", ""GetDesktopWindow"", ""GetDC"", ""CloseWindow"", ""wsprintfA"", ""EnumDisplayDevicesA"", ""GetKeyboardLayoutList"", ""CharToOemW"", ""wsprintfW"", ""RegQueryValueExA"", ""RegEnumKeyExA"", ""RegOpenKeyExA"", ""RegCloseKey"", ""RegEnumValueA"", ""CryptBinaryToStringA"", ""CryptUnprotectData"", ""SHGetFolderPathA"", ""ShellExecuteExA"", ""InternetOpenUrlA"", ""InternetConnectA"", ""InternetCloseHandle"", ""InternetOpenA"", ""HttpSendRequestA"", ""HttpOpenRequestA"", ""InternetReadFile"", ""InternetCrackUrlA"", ""StrCmpCA"", ""StrStrA"", ""StrCmpCW"", ""PathMatchSpecA"", ""GetModuleFileNameExA"", ""RmStartSession"", ""RmRegisterResources"", ""RmGetList"", ""RmEndSession"", ""sqlite3_open"", ""sqlite3_prepare_v2"", ""sqlite3_step"", ""sqlite3_column_text"", ""sqlite3_finalize"", ""sqlite3_close"", ""sqlite3_column_bytes"", ""sqlite3_column_blob"", ""encrypted_key"", ""PATH"", ""C:\\\\ProgramData\\\\nss3.dll"", ""NSS_Init"", ""NSS_Shutdown"", ""PK11_GetInternalKeySlot"", ""PK11_FreeSlot"", ""PK11_Authenticate"", ""PK11SDR_Decrypt"", ""C:\\\\ProgramData\\\\"", ""Soft: "", ""SELECT origin_url, username_value, password_value FROM logins"", ""profile: "", ""Host: "", ""Login: "", ""Password: "", ""Opera"", ""OperaGX"", ""Network"", ""Cookies"", "".txt"", ""SELECT HOST_KEY, is_httponly, path, is_secure, (expires_utc/1000000)-11644480800, name, encrypted_value from 
cookies"", ""TRUE"", ""FALSE"", ""Autofill"", ""SELECT name, value FROM autofill"", ""History"", ""SELECT url FROM urls LIMIT 1000"", ""CC"", ""SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards"", ""Name: "", ""Month: "", ""Year: "", ""Card: "", ""Cookies"", ""Login Data"", ""Web Data"", ""History"", ""logins[.]json"", ""formSubmitURL"", ""usernameField"", ""encryptedUsername"", ""encryptedPassword"", ""guid"", ""formhistory[.]sqlite"", ""SELECT host, isHttpOnly, path, isSecure, expiry, name, value FROM moz_cookies"", ""SELECT fieldname, value FROM moz_formhistory"", ""SELECT url FROM moz_places LIMIT 1000"", ""cookies[.]sqlite"", ""places[.]sqlite"", ""Plugins"", ""Local Extension Settings"", ""Sync Extension Settings"", ""IndexedDB"", ""Opera Stable"", ""Opera GX Stable"", ""CURRENT"", ""chrome-extension_"", ""_0.indexeddb[.]leveldb"", ""Local State"", ""profiles[.]ini"", ""chrome"", ""opera"", ""firefox"", ""Wallets"", ""%08lX%04lX%lu"", ""ProductName"", ""SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion"", ""x32"", ""x64"", ""%d/%d/%d %d:%d:%d"", ""HARDWARE\\\\DESCRIPTION\\\\System\\\\CentralProcessor\\\\0"", ""ProcessorNameString"", ""SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall"", ""DisplayName"", ""DisplayVersion"", ""freebl3.dll"", ""mozglue.dll"", ""msvcp140.dll"", ""nss3.dll"", ""softokn3.dll"", ""vcruntime140.dll"", ""\\\\Temp\\\\"", "".exe"", ""runas"", ""open"", ""/c start "", ""%DESKTOP%"", ""%APPDATA%"", ""%LOCALAPPDATA%"", ""%USERPROFILE%"", ""%DOCUMENTS%"", ""%PROGRAMFILES%"", ""%PROGRAMFILES_86%"", ""%RECENT%"", ""*.lnk"", ""Files"", ""\\\\discord\\\\"", ""\\\\Local Storage\\\\leveldb\\\\CURRENT"", ""\\\\Local Storage\\\\leveldb"", ""\\\\Telegram Desktop\\\\"", ""key_datas"", ""D877F783D5D3EF8C*"", ""map*"", ""A7FDF864FBC10B77*"", ""A92DAA6EA6F891F2*"", ""F8806DD0C461824F*"", ""Telegram"", ""Tox"", ""*.tox"", ""*.ini"", ""Password"", ""Software\\\\Microsoft\\\\Windows 
NT\\\\CurrentVersion\\\\Windows Messaging Subsystem\\\\Profiles\\\\Outlook\\\\9375CFF0413111d3B88A00104B2A6676\\\\"", ""\\\\Outlook\\\\accounts[.]txt"", ""Software\\\\Microsoft\\\\Office\\\\13.0\\\\Outlook\\\\Profiles\\\\Outlook\\\\9375CFF0413111d3B88A00104B2A6676\\\\"", ""Software\\\\Microsoft\\\\Office\\\\14.0\\\\Outlook\\\\Profiles\\\\Outlook\\\\9375CFF0413111d3B88A00104B2A6676\\\\"", ""Software\\\\Microsoft\\\\Office\\15.0\\\\Outlook\\\\Profiles\\\\Outlook\\\\9375CFF0413111d3B88A00104B2A6676\\\\"", ""Pidgin"", ""Software\\\\Microsoft\\\\Office\\16.0\\\\Outlook\\\\Profiles\\\\Outlook\\\\9375CFF0413111d3B88A00104B2A6676\\\\"", ""\\\\.purple\\\\"", ""Software\\\\Microsoft\\\\Windows Messaging Subsystem\\\\Profiles\\\\9375CFF0413111d3B88A00104B2A6676\\\\"", ""00000001"", ""00000002"", ""00000003"", ""00000004"", ""accounts[.]xml"", ""dQw4w9WgXcQ"", ""token: "", ""Software\\\\Valve\\\\Steam"", ""SteamPath"", ""\\\\config\\\\"", ""ssfn*"", ""config[.]vdf"", ""DialogConfig[.]vdf"", ""DialogConfigOverlay*.vdf"", ""libraryfolders[.]vdf"", ""loginusers[.]vdf"", ""\\\\Steam\\\\"", ""sqlite3.dll"", ""browsers"", ""done"", ""Soft"", ""\\\\Discord\\\\tokens[.]txt"", ""/c timeout /t 5 & del /f /q \"""", ""\"" & del \""C:\\\\ProgramData\\\\*.dll\""\"" & exit"", ""C:\\\\Windows\\\\system32\\\\cmd.exe"", ""https"", ""POST"", ""Content-Type: multipart/form-data; boundary=----"", ""HTTP/1.1"", ""Content-Disposition: form-data; name=\"""", ""hwid"", ""build"", ""token"", ""file_name"", ""file"", ""message"", ""ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"", ""screenshot[.]jpg"", ""uh]"", ""uh]""], ""non_standard"": {""dead_drop"": [], ""version"": ""9.8""}}","hXXps://t[.]me/copterwin,hXXps://steamcommunity[.]com/profiles/76561199689717899",ee0d1ad887302e80e5ec85ff356de25f,
438173fc774f8e827a861804a9af18e328f72363aad164e1d4213b302f7bc904,bbbbb5,1/14/2024,HeartCrypt Developer Test Sample,NONE,,,
43ab8d538551ee2d920b1780bced4a7e97a3e9cf8d6f47b6634219120c1ca3de,MTGNSGNADS,5/25/2024,Vidar,"{""c2"": [""hXXps://t[.]me/copterwin"", ""hXXps://steamcommunity[.]com/profiles/76561199689717899""], ""port"": [], ""campaign"": ""abe3e54a3613d116838d60717005f335"", ""mutex"": """", ""Strings"": [""GetProcAddress"", ""LoadLibraryA"", ""lstrcatA"", ""OpenEventA"", ""CreateEventA"", ""CloseHandle"", ""Sleep"", ""GetUserDefaultLangID"", ""VirtualAllocExNuma"", ""VirtualFree"", ""GetSystemInfo"", ""VirtualAlloc"", ""HeapAlloc"", ""GetComputerNameA"", ""lstrcpyA"", ""GetProcessHeap"", ""GetCurrentProcess"", ""lstrlenA"", ""ExitProcess"", ""GlobalMemoryStatusEx"", ""GetSystemTime"", ""SystemTimeToFileTime"", ""advapi32.dll"", ""gdi32.dll"", ""user32.dll"", ""crypt32.dll"", ""ntdll.dll"", ""GetUserNameA"", ""CreateDCA"", ""GetDeviceCaps"", ""ReleaseDC"", ""CryptStringToBinaryA"", ""sscanf"", ""NtQueryInformationProcess"", ""VMwareVMware"", ""HAL9TH"", ""JohnDoe"", ""DISPLAY"", ""%hu/%hu/%hu"", ""GetEnvironmentVariableA"", ""GetFileAttributesA"", ""GlobalLock"", ""HeapFree"", ""GetFileSize"", ""GlobalSize"", ""CreateToolhelp32Snapshot"", ""IsWow64Process"", ""Process32Next"", ""GetLocalTime"", ""FreeLibrary"", ""GetTimeZoneInformation"", ""GetSystemPowerStatus"", ""GetVolumeInformationA"", ""GetWindowsDirectoryA"", ""Process32First"", ""GetLocaleInfoA"", ""GetUserDefaultLocaleName"", ""GetModuleFileNameA"", ""DeleteFileA"", ""FindNextFileA"", ""LocalFree"", ""FindClose"", ""SetEnvironmentVariableA"", ""LocalAlloc"", ""GetFileSizeEx"", ""ReadFile"", ""SetFilePointer"", ""WriteFile"", ""CreateFileA"", ""FindFirstFileA"", ""CopyFileA"", ""VirtualProtect"", ""GetLogicalProcessorInformationEx"", ""GetLastError"", ""lstrcpynA"", ""MultiByteToWideChar"", ""GlobalFree"", ""WideCharToMultiByte"", ""GlobalAlloc"", ""OpenProcess"", ""TerminateProcess"", ""GetCurrentProcessId"", ""gdiplus.dll"", ""ole32.dll"", ""bcrypt.dll"", ""wininet.dll"", ""shlwapi.dll"", ""shell32.dll"", ""psapi.dll"", 
""rstrtmgr.dll"", ""CreateCompatibleBitmap"", ""SelectObject"", ""BitBlt"", ""DeleteObject"", ""CreateCompatibleDC"", ""GdipGetImageEncodersSize"", ""GdipGetImageEncoders"", ""GdipCreateBitmapFromHBITMAP"", ""GdiplusStartup"", ""GdiplusShutdown"", ""GdipSaveImageToStream"", ""GdipDisposeImage"", ""GdipFree"", ""GetHGlobalFromStream"", ""CreateStreamOnHGlobal"", ""CoUninitialize"", ""CoInitialize"", ""CoCreateInstance"", ""BCryptGenerateSymmetricKey"", ""BCryptCloseAlgorithmProvider"", ""BCryptDecrypt"", ""BCryptSetProperty"", ""BCryptDestroyKey"", ""BCryptOpenAlgorithmProvider"", ""GetWindowRect"", ""GetDesktopWindow"", ""GetDC"", ""CloseWindow"", ""wsprintfA"", ""EnumDisplayDevicesA"", ""GetKeyboardLayoutList"", ""CharToOemW"", ""wsprintfW"", ""RegQueryValueExA"", ""RegEnumKeyExA"", ""RegOpenKeyExA"", ""RegCloseKey"", ""RegEnumValueA"", ""CryptBinaryToStringA"", ""CryptUnprotectData"", ""SHGetFolderPathA"", ""ShellExecuteExA"", ""InternetOpenUrlA"", ""InternetConnectA"", ""InternetCloseHandle"", ""InternetOpenA"", ""HttpSendRequestA"", ""HttpOpenRequestA"", ""InternetReadFile"", ""InternetCrackUrlA"", ""StrCmpCA"", ""StrStrA"", ""StrCmpCW"", ""PathMatchSpecA"", ""GetModuleFileNameExA"", ""RmStartSession"", ""RmRegisterResources"", ""RmGetList"", ""RmEndSession"", ""sqlite3_open"", ""sqlite3_prepare_v2"", ""sqlite3_step"", ""sqlite3_column_text"", ""sqlite3_finalize"", ""sqlite3_close"", ""sqlite3_column_bytes"", ""sqlite3_column_blob"", ""encrypted_key"", ""PATH"", ""C:\\\\ProgramData\\\\nss3.dll"", ""NSS_Init"", ""NSS_Shutdown"", ""PK11_GetInternalKeySlot"", ""PK11_FreeSlot"", ""PK11_Authenticate"", ""PK11SDR_Decrypt"", ""C:\\\\ProgramData\\\\"", ""Soft: "", ""SELECT origin_url, username_value, password_value FROM logins"", ""profile: "", ""Host: "", ""Login: "", ""Password: "", ""Opera"", ""OperaGX"", ""Network"", ""Cookies"", "".txt"", ""SELECT HOST_KEY, is_httponly, path, is_secure, (expires_utc/1000000)-11644480800, name, encrypted_value from cookies"", 
""TRUE"", ""FALSE"", ""Autofill"", ""SELECT name, value FROM autofill"", ""History"", ""SELECT url FROM urls LIMIT 1000"", ""CC"", ""SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards"", ""Name: "", ""Month: "", ""Year: "", ""Card: "", ""Cookies"", ""Login Data"", ""Web Data"", ""History"", ""logins[.]json"", ""formSubmitURL"", ""usernameField"", ""encryptedUsername"", ""encryptedPassword"", ""guid"", ""formhistory[.]sqlite"", ""SELECT host, isHttpOnly, path, isSecure, expiry, name, value FROM moz_cookies"", ""SELECT fieldname, value FROM moz_formhistory"", ""SELECT url FROM moz_places LIMIT 1000"", ""cookies[.]sqlite"", ""places[.]sqlite"", ""Plugins"", ""Local Extension Settings"", ""Sync Extension Settings"", ""IndexedDB"", ""Opera Stable"", ""Opera GX Stable"", ""CURRENT"", ""chrome-extension_"", ""_0.indexeddb[.]leveldb"", ""Local State"", ""profiles[.]ini"", ""chrome"", ""opera"", ""firefox"", ""Wallets"", ""%08lX%04lX%lu"", ""ProductName"", ""SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion"", ""x32"", ""x64"", ""%d/%d/%d %d:%d:%d"", ""HARDWARE\\\\DESCRIPTION\\\\System\\\\CentralProcessor\\\\0"", ""ProcessorNameString"", ""SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall"", ""DisplayName"", ""DisplayVersion"", ""freebl3.dll"", ""mozglue.dll"", ""msvcp140.dll"", ""nss3.dll"", ""softokn3.dll"", ""vcruntime140.dll"", ""\\\\Temp\\\\"", "".exe"", ""runas"", ""open"", ""/c start "", ""%DESKTOP%"", ""%APPDATA%"", ""%LOCALAPPDATA%"", ""%USERPROFILE%"", ""%DOCUMENTS%"", ""%PROGRAMFILES%"", ""%PROGRAMFILES_86%"", ""%RECENT%"", ""*.lnk"", ""Files"", ""\\\\discord\\\\"", ""\\\\Local Storage\\\\leveldb\\\\CURRENT"", ""\\\\Local Storage\\\\leveldb"", ""\\\\Telegram Desktop\\\\"", ""key_datas"", ""D877F783D5D3EF8C*"", ""map*"", ""A7FDF864FBC10B77*"", ""A92DAA6EA6F891F2*"", ""F8806DD0C461824F*"", ""Telegram"", ""Tox"", ""*.tox"", ""*.ini"", ""Password"", ""Software\\\\Microsoft\\\\Windows 
NT\\\\CurrentVersion\\\\Windows Messaging Subsystem\\\\Profiles\\\\Outlook\\\\9375CFF0413111d3B88A00104B2A6676\\\\"", ""\\\\Outlook\\\\accounts[.]txt"", ""Software\\\\Microsoft\\\\Office\\\\13.0\\\\Outlook\\\\Profiles\\\\Outlook\\\\9375CFF0413111d3B88A00104B2A6676\\\\"", ""Software\\\\Microsoft\\\\Office\\\\14.0\\\\Outlook\\\\Profiles\\\\Outlook\\\\9375CFF0413111d3B88A00104B2A6676\\\\"", ""Software\\\\Microsoft\\\\Office\\15.0\\\\Outlook\\\\Profiles\\\\Outlook\\\\9375CFF0413111d3B88A00104B2A6676\\\\"", ""Pidgin"", ""Software\\\\Microsoft\\\\Office\\16.0\\\\Outlook\\\\Profiles\\\\Outlook\\\\9375CFF0413111d3B88A00104B2A6676\\\\"", ""\\\\.purple\\\\"", ""Software\\\\Microsoft\\\\Windows Messaging Subsystem\\\\Profiles\\\\9375CFF0413111d3B88A00104B2A6676\\\\"", ""00000001"", ""00000002"", ""00000003"", ""00000004"", ""accounts[.]xml"", ""dQw4w9WgXcQ"", ""token: "", ""Software\\\\Valve\\\\Steam"", ""SteamPath"", ""\\\\config\\\\"", ""ssfn*"", ""config[.]vdf"", ""DialogConfig[.]vdf"", ""DialogConfigOverlay*.vdf"", ""libraryfolders[.]vdf"", ""loginusers[.]vdf"", ""\\\\Steam\\\\"", ""sqlite3.dll"", ""browsers"", ""done"", ""Soft"", ""\\\\Discord\\\\tokens[.]txt"", ""/c timeout /t 5 & del /f /q \"""", ""\"" & del \""C:\\\\ProgramData\\\\*.dll\""\"" & exit"", ""C:\\\\Windows\\\\system32\\\\cmd.exe"", ""https"", ""POST"", ""Content-Type: multipart/form-data; boundary=----"", ""HTTP/1.1"", ""Content-Disposition: form-data; name=\"""", ""hwid"", ""build"", ""token"", ""file_name"", ""file"", ""message"", ""ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"", ""screenshot[.]jpg"", ""uh]"", ""uh]""], ""non_standard"": {""dead_drop"": [], ""version"": ""9.8""}}","hXXps://t[.]me/copterwin,hXXps://steamcommunity[.]com/profiles/76561199689717899",abe3e54a3613d116838d60717005f335,
43eacfea81d9b80b7ff71ea949b4ef0f9267f833e7b8b3542c82407fdf9f0a3f,,1/8/2024,HeartCrypt Developer Test Sample,NONE,,,
4404ab406750312cdabb565b04500d9b94be2e80894d9b5b869e45daf994acfd,CFEAE1tcOtc,10/13/2024,LummaStealer,"{""c2"": [""drawwyobstacw[.]sbs"", ""condifendteu[.]sbs"", ""ehticsprocw[.]sbs"", ""vennurviot[.]sbs"", ""resinedyw[.]sbs"", ""enlargkiw[.]sbs"", ""allocatinow[.]sbs"", ""mathcucom[.]sbs"", ""resinedyw[.]sbs""], ""port"": [], ""campaign"": ""sG8pjw--MagooBR"", ""mutex"": """", ""non_standard"": {}}","drawwyobstacw[.]sbs,condifendteu[.]sbs,ehticsprocw[.]sbs,vennurviot[.]sbs,resinedyw[.]sbs,enlargkiw[.]sbs,allocatinow[.]sbs,mathcucom[.]sbs,resinedyw[.]sbs",sG8pjw--MagooBR,
44e79edd7a2f9d5f9140db1b213091322d0629de1c3f02a8c42e029890503cda,Sep222peSpe,9/20/2024,LummaStealer,"{""c2"": [""carrtychaintnyw[.]shop"", ""quotamkdsdqo[.]shop"", ""milldymarskwom[.]shop"", ""metallygaricwo[.]shop"", ""opponnentduei[.]shop"", ""puredoffustow[.]shop"", ""achievenmtynwjq[.]shop"", ""chickerkuso[.]shop"", ""aviatiiitwinq[.]shop""], ""port"": [], ""campaign"": ""YT6gHy--"", ""mutex"": """", ""non_standard"": {}}","carrtychaintnyw[.]shop,quotamkdsdqo[.]shop,milldymarskwom[.]shop,metallygaricwo[.]shop,opponnentduei[.]shop,puredoffustow[.]shop,achievenmtynwjq[.]shop,chickerkuso[.]shop,aviatiiitwinq[.]shop",YT6gHy--,
4534f19c76fcfcd817365b67e0feb22c2c59b00c43bc7ab5b6ac04975da21cc6,XsxLO1tcOtc,10/18/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""doesnotkl.dynuddns[.]net""], ""port"": [""11206""], ""campaign"": ""016-Oct"", ""mutex"": ""DcRatMutex_qyunchun"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""dWtwWUNQbGtNeEU5Y1ByVW03WFduVktKUXhjTGVhR2I="", ""MTX"": ""DcRatMutex_qyunchun"", ""Certifi_cate"": ""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"", ""Server_signa_ture"": ""jRcvUsaNjazroIwHKAVBjDaUkWZRbsjt3i6lwXakxZ2Ode2ZZRpm61El36+/aA+mvYQ+2xz3wjVBYlZlrAKXrCNtluMVaPULSWZOkUL7DilJsMsuXf7Bsc4BDAQmZV6bmcTd1mPhl/G+I0ToL6w4hVbTltBiisKogVggxmE6y4Q="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""016-Oct"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",doesnotkl.dynuddns[.]net,016-Oct,DcRatMutex_qyunchun
45980fb785c9c2ccd9f1b84b2906453edcf5700a59d5561b5d7bb0f8da71da2a,kk,1/8/2024,HeartCrypt Developer Test Sample,NONE,,,
45ce39ce5eef5afd148e6bda2802b60f8bc388d279c1c2bb03d3795b207d4523,GGGSADEFFTL,7/29/2024,RedlineStealer,"{""c2"": [""45[.]77.166.78:44506""], ""port"": [], ""campaign"": ""CENTER X"", ""mutex"": """", ""non_standard"": {""ID"": ""CENTER X"", ""Message"": """", ""Key"": ""Civilities"", ""Version"": ""1""}}",45[.]77.166.78:44506,CENTER X,
470d98bde49951ecc819033f47492bbfc87be5767c5820e9f3190a4b8151c5a5,Edwardsigunecia,7/30/2024,PureCrypt Loader,NONE,,,
479807c1f3eb9d9fab9b6ab2853604bcc97d9f090ae4fb14d66747fd66e5993e,gasgff34534c,6/21/2024,RaccoonStealer,"{""c2"": [""hXXp://188[.]40.248.148:80""], ""port"": [], ""campaign"": """", ""mutex"": ""stasvasbas"", ""non_standard"": {""UserAgent"": ""MrBidenNeverKnow""}}",hXXp://188[.]40.248.148:80,,stasvasbas
47e3b3c0e9633dbba588060bbd946d13658d2a49678d0ed0f4e21cc9d8370058,ATGNSGNADS,7/4/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""dcmayofornuevo.dynuddns[.]com""], ""port"": [""7997""], ""campaign"": ""26 de Junio"", ""mutex"": ""JYFGIUHJ"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""eWx1ZDJibnRhTklDcFRIb01wSnRhZ0dRYWVKZXVsSUs="", ""MTX"": ""JYFGIUHJ"", ""Certifi_cate"": ""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"", ""Server_signa_ture"": ""ksD+EIr8k8impgl7NugILAEPbd/6a/4BRMqGhfAgOJlXLIEMLVERgg/++N37vvwFfgSR6msWGgcH9fbHZNSFDg8S4Dw3Z1ZO5tLoQDDJ83baqE+vzI23XKMfOSFVWW2rSowYGQfZZNlLKmUGD0wCTnPwKU6hNgViwCYN4Ow1f5Y="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""26 de Junio"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",dcmayofornuevo.dynuddns[.]com,26 de Junio,JYFGIUHJ
48cff22bae20cb599fcdcec8b4fb41e4785ba5c19123a728fc4f8244f7a900f4,Aug111guAgu,8/19/2024,Rhadamanthys,NONE,,,
48e1b13ffa233c40c0a24026d2c7236796b8fce6956235f29246a4717728ec42,MTGNSGNADS,7/3/2024,Rhadamanthys,NONE,,,
495897a0e9d55bbd06884df8b9b7c15d9c398e825538d7a235cbfb7d75d4b99e,oEODf2tcOtc,10/25/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""puerto4001.duckdns[.]org""], ""port"": [""4001""], ""campaign"": ""BLAS-25-LLEGADERA-PAINT"", ""mutex"": ""DcRatMutex_qwqdanchun"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""eTVEdlVmQWhuNzRob2w0TFFQTFlLcHZKVldJakhDNFc="", ""MTX"": ""DcRatMutex_qwqdanchun"", ""Certifi_cate"": ""MIICMDCCAZmgAwIBAgIVAPdJPjCx7pYvZ/1H2FuVvfr12RcjMA0GCSqGSIb3DQEBDQUAMGQxFTATBgNVBAMMDERjUmF0IFNlcnZlcjETMBEGA1UECwwKcXdxZGFuY2h1bjEcMBoGA1UECgwTRGNSYXQgQnkgcXdxZGFuY2h1bjELMAkGA1UEBwwCU0gxCzAJBgNVBAYTAkNOMB4XDTIxMTIwOTIwNDY0MFoXDTMyMDkxNzIwNDY0MFowEDEOMAwGA1UEAwwFRGNSYXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAIdi7KwbsK/emE6cPt5dZ26vDX2Y83z/zgIxipJ87lhQuqMSOuy1QkrgJX5XUNz5PQ/por9QVFR5PVqci3gzZBm4mS0970/CqX0XE17ywsS5ihs30fR1pRTF+KLeYPAhpBAEwkbVvNJ8utU4idXRMpI7gg5vAL+p9y7f2zNpTlqHAgMBAAGjMjAwMB0GA1UdDgQWBBT7xqJBZyhpISmxeSGJdX5wNfGQKjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4GBACPGgtV6HR59DKCJKnhxSiNBDaLWjqMXxZjteXm0LLJbcuuWfZjE+XQi/qOGRNlZJwtrGrH3Va7j+e7tHhkr1zK5otNfeFw+GhFOv1pdsPpCoW1aj/ukciyZu/sPkMF/k/Z4cWXWQ5BFr58Piru6U+23EAzNY03x1oKE8m+gAs3L"", ""Server_signa_ture"": ""IRKIIP2uhfW1w5zr5SEwZrxlZdOVSH0lvW1lZ6l/eNCBnuvcErHDHQ4XaFoALWfqFOciQREEcuPfa6YxKziiOZjCQQbQjE0LnvvoS77wEL67q3i4LUD3xSdgSXsWDx+q5LwcxK/NUkPjctjsTzfQalvrzWDuNgfZx2FZk6Lrpzc="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""BLAS-25-LLEGADERA-PAINT"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",puerto4001.duckdns[.]org,BLAS-25-LLEGADERA-PAINT,DcRatMutex_qwqdanchun
49735d3992131f165199287d0b5997dfa8e035a10177ea556e957d3cac7a1cb4,Aug222guAgu,10/23/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""trackboxing.dynuddns[.]net""], ""port"": [""11203""], ""campaign"": ""29Ago"", ""mutex"": ""DcRatMutex_q77"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""OHBHeXpEU3pWWGVBemdEdjFmMXF4OHVUV3kwRmFlQWY="", ""MTX"": ""DcRatMutex_q77"", ""Certifi_cate"": ""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"", ""Server_signa_ture"": ""lUuUOk2aMdfFmhiAMzvus5v6mcrdqpYY8Xi6zoC/EXTmDeDAUBNQAZVMUcpDmpxPJtUXHr6RFaWCAdByrm3YDoRervg+wciu8Ypub8xijchLmz9P8gaHfe+R88yVwy1W9VaCXHu7sVbzJm8/8u2SQfdLkvJ4BGllBcTABXY4MSY="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""29Ago"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",trackboxing.dynuddns[.]net,29Ago,DcRatMutex_q77
4a9e11f3a1b5b7543f00f4f662b4602c5449c78f7181a139af3b804aa7316006,Aug111guAgu,8/22/2024,Rhadamanthys,NONE,,,
4af6877b9e52c8ce27aadf8d95429dc5fbcbbe663a3bff94367aafabea6327a8,AFD tcOtc,10/16/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""doctorganador.duckdns[.]org""], ""port"": [""6600""], ""campaign"": ""TE AMO DIOS "", ""mutex"": ""DcRatMutex_qwqdAKnsAJndk5aroiiswi499343"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": ""SEPTIEMBRE.exe"", ""Key"": ""RXQwT2RyYVZOZTJBdW9wc096WGpuMjIyUFBwMjBzT3k="", ""MTX"": ""DcRatMutex_qwqdAKnsAJndk5aroiiswi499343"", ""Certifi_cate"": ""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"", ""Server_signa_ture"": ""RR3J3IkEvetryI/o6IiLoL2QS/3z3+W01fOYs29pZAfMGrmoqK3k5DgEwngOWDNYd3Xt6qOlhFnkIJcSWtT/lalrg9P2+7bLxdhQ/rslTIUfWE7I5RTr5atNyeHf6m8OSIeVmfQ+6NLw4YLuIaS0IcpheMWfVgRaQhOPpuqzvEg="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""TE AMO DIOS "", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",doctorganador.duckdns[.]org,TE AMO DIOS,DcRatMutex_qwqdAKnsAJndk5aroiiswi499343
4b42ed6bfed1bd64fbcc07e4ef108ae715802d54f2d7b1268aeab39d8a2966e8,Sep222peSpe,9/20/2024,Remcos,"{""c2"": [""ufye28738bd3yv23d783.con-ip[.]com:5023""], ""port"": [], ""campaign"": ""32303f3f3f5365707469656dbfbf32303234"", ""mutex"": ""Rmc-WM7NR4"", ""non_standard"": {""c2_list"": ""ufye28738bd3yv23d783.con-ip[.]com:5023:1\u001e"", ""botnet"": ""32303f3f3f5365707469656dbfbf32303234"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-WM7NR4"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""D60D347B92E1AF41287C54A0914B0C7A"", ""enable_screenshot_mouse_drawing_flag"": 
0, ""tls_raw_certificate"": ""MIIBADCBpqADAgECAhA/bK072R8ULSeOSr5wUkeEMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABA6VI2iU8kQnjaxGQYZ1oOLiaXXpoQjtj7hJtuy1r3G/TBrRcCL/wyrO0LmSJpiu7EB437pCrDvLOwjUeG7tMkYwCgYIKoZIzj0EAwIDSQAwRgIhAOSn37JeyD+DIWNHGE1xcYdm1RrQ8TT8hiLd9UIfm9uuAiEA7GC6L19W5lN5cfD3Rh2Ior++WuiLxQwnvw7H9AP/egA="", ""tls_key"": ""MHcCAQEEIJG09kVEQDINj8+wjHIe85JcOXQro5U9++N24NOCtOYMoAoGCCqGSM49AwEHoUQDQgAEDpUjaJTyRCeNrEZBhnWg4uJpdemhCO2PuEm27LWvcb9MGtFwIv/DKs7QuZImmK7sQHjfukKsO8s7CNR4bu0yRg=="", ""tls_raw_peer_certificate"": ""MIH/MIGmoAMCAQICED1NkqG7jUVs6UE+9lfC9FgwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECd6OUnfQld2gC9x8EQRhtR8SxJVg8oG9XKYRGj3Bl2o3nxXg5UX+DJrxL2ck0tBmDDoUhbl6AoiS4LqLq0jehDAKBggqhkjOPQQDAgNIADBFAiBPs4LgiRbRQ2McVsYAzfd/Q/h5nMAd2ZznwiDFiFSGBQIhANcDTxlBaY+lmnofU7TMD8RRqIs9H3Tqnu3QRNLrm6d0""}}",ufye28738bd3yv23d783.con-ip[.]com:5023,32303f3f3f5365707469656dbfbf32303234,Rmc-WM7NR4
4ca542b8871a292cc4d4c1aa0e3b8b4517a27ba227ff822eb870b5bb4b8a71d1,SUCKTHEFTUBCEGTOOTE,10/24/2024,LummaStealer,"{""c2"": [""tryyudjasudqo[.]shop"", ""eemmbryequo[.]shop"", ""reggwardssdqw[.]shop"", ""relaxatinownio[.]shop"", ""tesecuuweqo[.]shop"", ""tendencctywop[.]shop"", ""licenseodqwmqn[.]shop"", ""keennylrwmqlw[.]shop"", ""teenaggerwwysm[.]shop""], ""port"": [], ""campaign"": ""JangOo--"", ""mutex"": """", ""non_standard"": {}}","tryyudjasudqo[.]shop,eemmbryequo[.]shop,reggwardssdqw[.]shop,relaxatinownio[.]shop,tesecuuweqo[.]shop,tendencctywop[.]shop,licenseodqwmqn[.]shop,keennylrwmqlw[.]shop,teenaggerwwysm[.]shop",JangOo--,
4cd7c54d51ada797e7e762ffac350136a63af9bdc09ee752b471db33958f002a,DAEXo1tcOtc,10/18/2024,Remcos,"{""c2"": [""carracalbarmen.con-ip[.]com:1991""], ""port"": [], ""campaign"": ""AMUNDI"", ""mutex"": ""Rmc-ZW6D0U"", ""non_standard"": {""c2_list"": ""carracalbarmen.con-ip[.]com:1991:1\u001e"", ""botnet"": ""AMUNDI"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-ZW6D0U"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""52FAB4ABA90AF6988E653D18FACD533A"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICEEXRPyHAU+i0XClFtLLozd0wCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgzAKBggqhkjOPQQDAgNIADBFAiBUcWvaxuUnpbxlhTmWEcnNtczlEXkRbUYoYCN+2VEZ1AIhALym5a5Ib2YXMN1rGi3FQzTjiXDMfTh6IufwChk8n/N9"", ""tls_key"": ""MHcCAQEEILUsPsd+8u6gorQ6vplb6DQet9vOAwT8PHYYn7RI4380oAoGCCqGSM49AwEHoUQDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgw=="", ""tls_raw_peer_certificate"": ""MIIBADCBpqADAgECAhA1EEVwbinJOEquCzdLDyBzMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBDpkDyifvMvFU5G4T3X4NPgXSbjGygT9OXvKUN63IttHTejMFBes+ICPd+lF2i9ExWAYDh5oBbrexLrzNGdz3swCgYIKoZIzj0EAwIDSQAwRgIhAPHte18FxAxdCBRRd8kvfkylLF5k+QOnpkoeqXwRtdOWAiEA00CVbIQ6r4v8EeB0rQ5nIFgk+SYWWjNa+B3sBZoNlzY=""}}",carracalbarmen.con-ip[.]com:1991,AMUNDI,Rmc-ZW6D0U
4cfa85c4c0f8f87d50db5aad247599d099816582e67bdff21877af254f3e52de,NOOSADEFFTL,7/15/2024,Remcos,"{""c2"": [""127[.]0.0.1:2404""], ""port"": [], ""campaign"": ""RemoteHost"", ""mutex"": ""Rmc-52SPIJ"", ""non_standard"": {""c2_list"": ""127[.]0.0.1:2404:1\u001e"", ""botnet"": ""RemoteHost"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-52SPIJ"", ""keylogger_mode"": 0, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 2, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": """", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICECyq0dC6qQr+Hv2V9QM3uqcwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdrdLQy42Mpn3IIYRJ2M3+yF21CLyLrOnzJYt9pkS9tD25/19cz99/hh6XbCh/X6lkduGZSLQOrKNIRElI58SZTAKBggqhkjOPQQDAgNIADBFAiEAsNMXIJvWxp997X+wkfoZ+aNRQ/F+y4UKwth7Vn9PPnsCIEy6sU5zohMDu7YRBxvrBk12twTKU7msOfRjcZPv8XLQ"", ""tls_key"": ""MHcCAQEEIPh5Cln/kkGKIQHHvBEywdytsvdqHkePDPk5Ud/t9sAJoAoGCCqGSM49AwEHoUQDQgAEdrdLQy42Mpn3IIYRJ2M3+yF21CLyLrOnzJYt9pkS9tD25/19cz99/hh6XbCh/X6lkduGZSLQOrKNIRElI58SZQ=="", ""tls_raw_peer_certificate"": ""MIH+MIGmoAMCAQICEG3vLiwgsA2EwhiaFtqI9IQwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwP4wsetvUB9BVeB5KGkhFjJJoBjHvOcr3civBrd7vSVCfdzC45I1JUkFbE/V0Cvr3Srw9Govd0OBlmaqWZM0ZjAKBggqhkjOPQQDAgNHADBEAiA+k1x/mgOuo3xlHJ81zNOx/7FqyAa+NzPTyQQOJVWDcAIgNOovDbZqGlCN19pFZjYwqJecVDlCfKe+1zDwKfkvYmw=""}}",127[.]0.0.1:2404,RemoteHost,Rmc-52SPIJ
4d37f7aea76ccb788710e7d3a8d2553964142a835115a9f0768f33b286400352,CFEAE1tcOtc,10/10/2024,Remcos,"{""c2"": [""alfredoperezpu1405.con-ip[.]com:2500"", ""alfredoperezpu1405.con-ip[.]com:1663""], ""port"": [], ""campaign"": ""PRAGAA"", ""mutex"": ""Rmc-NK89SF"", ""non_standard"": {""c2_list"": ""alfredoperezpu1405.con-ip[.]com:2500:1\u001ealfredoperezpu1405.con-ip[.]com:1663:1\u001e"", ""botnet"": ""PRAGAA"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-NK89SF"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""86CDB103BEE8F4F4E4BB432E59BB138D"", 
""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": ""MIH/MIGmoAMCAQICEEXRPyHAU+i0XClFtLLozd0wCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgzAKBggqhkjOPQQDAgNIADBFAiBUcWvaxuUnpbxlhTmWEcnNtczlEXkRbUYoYCN+2VEZ1AIhALym5a5Ib2YXMN1rGi3FQzTjiXDMfTh6IufwChk8n/N9"", ""tls_key"": ""MHcCAQEEILUsPsd+8u6gorQ6vplb6DQet9vOAwT8PHYYn7RI4380oAoGCCqGSM49AwEHoUQDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgw=="", ""tls_raw_peer_certificate"": ""MIIBADCBpqADAgECAhA1EEVwbinJOEquCzdLDyBzMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBDpkDyifvMvFU5G4T3X4NPgXSbjGygT9OXvKUN63IttHTejMFBes+ICPd+lF2i9ExWAYDh5oBbrexLrzNGdz3swCgYIKoZIzj0EAwIDSQAwRgIhAPHte18FxAxdCBRRd8kvfkylLF5k+QOnpkoeqXwRtdOWAiEA00CVbIQ6r4v8EeB0rQ5nIFgk+SYWWjNa+B3sBZoNlzY=""}}","alfredoperezpu1405.con-ip[.]com:2500,alfredoperezpu1405.con-ip[.]com:1663",PRAGAA,Rmc-NK89SF
4d7c1d874dc735c24586b32d080ad58a7c3559330b022746fb6fc1179a1ad522,CFgFEFSATTPFFEA,9/20/2024,Rhadamanthys,NONE,,,
4e4e85c783e001bc88e531428589550291cfde824a12368765dd7cca701f904a,MTGNSGNADS,8/12/2024,Remcos,"{""c2"": [""mayo006.con-ip[.]com:7770""], ""port"": [], ""campaign"": ""MAYO"", ""mutex"": ""Rmc-P2KDAR"", ""non_standard"": {""c2_list"": ""mayo006.con-ip[.]com:7770:1\u001e"", ""botnet"": ""MAYO"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-P2KDAR"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""7FDA7755E86E281B99E6A26B2C8E3A3C"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICEEXRPyHAU+i0XClFtLLozd0wCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgzAKBggqhkjOPQQDAgNIADBFAiBUcWvaxuUnpbxlhTmWEcnNtczlEXkRbUYoYCN+2VEZ1AIhALym5a5Ib2YXMN1rGi3FQzTjiXDMfTh6IufwChk8n/N9"", ""tls_key"": ""MHcCAQEEILUsPsd+8u6gorQ6vplb6DQet9vOAwT8PHYYn7RI4380oAoGCCqGSM49AwEHoUQDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgw=="", ""tls_raw_peer_certificate"": ""MIIBADCBpqADAgECAhA1EEVwbinJOEquCzdLDyBzMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBDpkDyifvMvFU5G4T3X4NPgXSbjGygT9OXvKUN63IttHTejMFBes+ICPd+lF2i9ExWAYDh5oBbrexLrzNGdz3swCgYIKoZIzj0EAwIDSQAwRgIhAPHte18FxAxdCBRRd8kvfkylLF5k+QOnpkoeqXwRtdOWAiEA00CVbIQ6r4v8EeB0rQ5nIFgk+SYWWjNa+B3sBZoNlzY=""}}",mayo006.con-ip[.]com:7770,MAYO,Rmc-P2KDAR
508d8872ec6b59c7583991947baafc80cc0788fad7d0215874360bb48523559e,Sep peSpe,9/2/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""hhkhgklbnc.duckdns[.]org""], ""port"": [""8010""], ""campaign"": ""Default"", ""mutex"": ""DcRatMutex_qwqdaGFAssa"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": ""SEPTIEMBRE.exe"", ""Key"": ""cG0wMU1mQnFaUVdRQmJwQlJCOUEzUlRscFJEWkNmem4="", ""MTX"": ""DcRatMutex_qwqdaGFAssa"", ""Certifi_cate"": ""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"", ""Server_signa_ture"": ""OQastGuDy2hatwiQUBbJfsfESLceGYc50ET9LWXftpOiXfmgZcP8oAdEHzw05jNxzBaGOPFz98DlJ85IH1zPwBis14dv7tn07vReX2MuKabA215N4DWpx54V3ZdQN0nqFunJkOTyc4dyl4M0tMkQ14E1Dm0BoXOLI9yyc44ezQs="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""Default"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",hhkhgklbnc.duckdns[.]org,Default,DcRatMutex_qwqdaGFAssa
50918cfa5bb81e63c0e6fbcd744f371e5146fa5ed4e9c2bfa05eff7b6b4af2de,Aug222guAgu,9/13/2024,Remcos,"{""c2"": [""confrewdsfgfs.con-ip[.]com:1661""], ""port"": [], ""campaign"": ""MURART"", ""mutex"": ""Rmc-6UIVK6"", ""non_standard"": {""c2_list"": ""confrewdsfgfs.con-ip[.]com:1661:1\u001e"", ""botnet"": ""MURART"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-6UIVK6"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""86CDB103BEE8F4F4E4BB432E59BB138D"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICEEXRPyHAU+i0XClFtLLozd0wCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgzAKBggqhkjOPQQDAgNIADBFAiBUcWvaxuUnpbxlhTmWEcnNtczlEXkRbUYoYCN+2VEZ1AIhALym5a5Ib2YXMN1rGi3FQzTjiXDMfTh6IufwChk8n/N9"", ""tls_key"": ""MHcCAQEEILUsPsd+8u6gorQ6vplb6DQet9vOAwT8PHYYn7RI4380oAoGCCqGSM49AwEHoUQDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgw=="", ""tls_raw_peer_certificate"": ""MIIBADCBpqADAgECAhA1EEVwbinJOEquCzdLDyBzMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBDpkDyifvMvFU5G4T3X4NPgXSbjGygT9OXvKUN63IttHTejMFBes+ICPd+lF2i9ExWAYDh5oBbrexLrzNGdz3swCgYIKoZIzj0EAwIDSQAwRgIhAPHte18FxAxdCBRRd8kvfkylLF5k+QOnpkoeqXwRtdOWAiEA00CVbIQ6r4v8EeB0rQ5nIFgk+SYWWjNa+B3sBZoNlzY=""}}",confrewdsfgfs.con-ip[.]com:1661,MURART,Rmc-6UIVK6
516f23acc3b9eb0c1e2fa79c2a4d8a33a07141b486e6b0cb4ed93dcae966478a,ACXNTGGCXTL,10/2/2024,Vidar,"{""c2"": [""hXXps://37[.]27.31.150""], ""port"": [], ""campaign"": ""39d074da85b9c76311c2845b4578ccde"", ""mutex"": """", ""Strings"": [""INSERT_KEY_HERE"", ""GetProcAddress"", ""LoadLibraryA"", ""lstrcatA"", ""OpenEventA"", ""CreateEventA"", ""CloseHandle"", ""Sleep"", ""GetUserDefaultLangID"", ""VirtualAllocExNuma"", ""VirtualFree"", ""GetSystemInfo"", ""VirtualAlloc"", ""HeapAlloc"", ""GetComputerNameA"", ""lstrcpyA"", ""GetProcessHeap"", ""GetCurrentProcess"", ""lstrlenA"", ""ExitProcess"", ""GlobalMemoryStatusEx"", ""GetSystemTime"", ""SystemTimeToFileTime"", ""advapi32.dll"", ""gdi32.dll"", ""user32.dll"", ""crypt32.dll"", ""ntdll.dll"", ""GetUserNameA"", ""CreateDCA"", ""GetDeviceCaps"", ""ReleaseDC"", ""CryptStringToBinaryA"", ""sscanf"", ""NtQueryInformationProcess"", ""VMwareVMware"", ""HAL9TH"", ""JohnDoe"", ""DISPLAY"", ""%hu/%hu/%hu"", ""GetEnvironmentVariableA"", ""GetFileAttributesA"", ""GlobalLock"", ""HeapFree"", ""GetFileSize"", ""GlobalSize"", ""CreateToolhelp32Snapshot"", ""IsWow64Process"", ""Process32Next"", ""GetLocalTime"", ""FreeLibrary"", ""GetTimeZoneInformation"", ""GetSystemPowerStatus"", ""GetVolumeInformationA"", ""GetWindowsDirectoryA"", ""Process32First"", ""GetLocaleInfoA"", ""GetUserDefaultLocaleName"", ""GetModuleFileNameA"", ""DeleteFileA"", ""FindNextFileA"", ""LocalFree"", ""FindClose"", ""SetEnvironmentVariableA"", ""LocalAlloc"", ""GetFileSizeEx"", ""ReadFile"", ""SetFilePointer"", ""WriteFile"", ""CreateFileA"", ""FindFirstFileA"", ""CopyFileA"", ""VirtualProtect"", ""GetLogicalProcessorInformationEx"", ""GetLastError"", ""lstrcpynA"", ""MultiByteToWideChar"", ""GlobalFree"", ""WideCharToMultiByte"", ""GlobalAlloc"", ""OpenProcess"", ""TerminateProcess"", ""GetCurrentProcessId"", ""gdiplus.dll"", ""ole32.dll"", ""bcrypt.dll"", ""wininet.dll"", ""shlwapi.dll"", ""shell32.dll"", ""psapi.dll"", ""rstrtmgr.dll"", 
""CreateCompatibleBitmap"", ""SelectObject"", ""BitBlt"", ""DeleteObject"", ""CreateCompatibleDC"", ""GdipGetImageEncodersSize"", ""GdipGetImageEncoders"", ""GdipCreateBitmapFromHBITMAP"", ""GdiplusStartup"", ""GdiplusShutdown"", ""GdipSaveImageToStream"", ""GdipDisposeImage"", ""GdipFree"", ""GetHGlobalFromStream"", ""CreateStreamOnHGlobal"", ""CoUninitialize"", ""CoInitialize"", ""CoCreateInstance"", ""BCryptGenerateSymmetricKey"", ""BCryptCloseAlgorithmProvider"", ""BCryptDecrypt"", ""BCryptSetProperty"", ""BCryptDestroyKey"", ""BCryptOpenAlgorithmProvider"", ""GetWindowRect"", ""GetDesktopWindow"", ""GetDC"", ""CloseWindow"", ""wsprintfA"", ""EnumDisplayDevicesA"", ""GetKeyboardLayoutList"", ""CharToOemW"", ""wsprintfW"", ""RegQueryValueExA"", ""RegEnumKeyExA"", ""RegOpenKeyExA"", ""RegCloseKey"", ""RegEnumValueA"", ""CryptBinaryToStringA"", ""CryptUnprotectData"", ""SHGetFolderPathA"", ""ShellExecuteExA"", ""InternetOpenUrlA"", ""InternetConnectA"", ""InternetCloseHandle"", ""InternetOpenA"", ""HttpSendRequestA"", ""HttpOpenRequestA"", ""InternetReadFile"", ""InternetCrackUrlA"", ""StrCmpCA"", ""StrStrA"", ""StrCmpCW"", ""PathMatchSpecA"", ""GetModuleFileNameExA"", ""RmStartSession"", ""RmRegisterResources"", ""RmGetList"", ""RmEndSession"", ""sqlite3_open"", ""sqlite3_prepare_v2"", ""sqlite3_step"", ""sqlite3_column_text"", ""sqlite3_finalize"", ""sqlite3_close"", ""sqlite3_column_bytes"", ""sqlite3_column_blob"", ""encrypted_key"", ""PATH"", ""C:\\ProgramData\\nss3.dll"", ""NSS_Init"", ""NSS_Shutdown"", ""PK11_GetInternalKeySlot"", ""PK11_FreeSlot"", ""PK11_Authenticate"", ""PK11SDR_Decrypt"", ""C:\\ProgramData\\"", ""SELECT origin_url, username_value, password_value FROM logins"", ""Soft: "", ""profile: "", ""Host: "", ""Login: "", ""Password: "", ""Opera"", ""OperaGX"", ""Network"", ""Cookies"", "".txt"", ""SELECT HOST_KEY, is_httponly, path, is_secure, (expires_utc/1000000)-11644480800, name, encrypted_value from cookies"", ""TRUE"", ""FALSE"", 
""Autofill"", ""SELECT name, value FROM autofill"", ""History"", ""SELECT url FROM urls LIMIT 1000"", ""CC"", ""SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards"", ""Name: "", ""Month: "", ""Year: "", ""Card: "", ""Cookies"", ""Login Data"", ""Web Data"", ""History"", ""logins[.]json"", ""formSubmitURL"", ""usernameField"", ""encryptedUsername"", ""encryptedPassword"", ""guid"", ""SELECT host, isHttpOnly, path, isSecure, expiry, name, value FROM moz_cookies"", ""SELECT fieldname, value FROM moz_formhistory"", ""SELECT url FROM moz_places LIMIT 1000"", ""cookies[.]sqlite"", ""formhistory[.]sqlite"", ""places[.]sqlite"", ""Plugins"", ""Local Extension Settings"", ""Sync Extension Settings"", ""IndexedDB"", ""Opera Stable"", ""Opera GX Stable"", ""CURRENT"", ""chrome-extension_"", ""_0.indexeddb[.]leveldb"", ""Local State"", ""profiles[.]ini"", ""chrome"", ""opera"", ""firefox"", ""Wallets"", ""%08lX%04lX%lu"", ""SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"", ""ProductName"", ""x32"", ""x64"", ""%d/%d/%d %d:%d:%d"", ""HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0"", ""ProcessorNameString"", ""SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"", ""DisplayName"", ""DisplayVersion"", ""freebl3.dll"", ""mozglue.dll"", ""msvcp140.dll"", ""nss3.dll"", ""softokn3.dll"", ""vcruntime140.dll"", ""\\Temp\\"", "".exe"", ""runas"", ""open"", ""/c start "", ""%DESKTOP%"", ""%APPDATA%"", ""%LOCALAPPDATA%"", ""%USERPROFILE%"", ""%DOCUMENTS%"", ""%PROGRAMFILES%"", ""%PROGRAMFILES_86%"", ""%RECENT%"", ""*.lnk"", ""Files"", ""\\discord\\"", ""\\Local Storage\\leveldb\\CURRENT"", ""\\Local Storage\\leveldb"", ""\\Telegram Desktop\\"", ""key_datas"", ""D877F783D5D3EF8C*"", ""map*"", ""A7FDF864FBC10B77*"", ""A92DAA6EA6F891F2*"", ""F8806DD0C461824F*"", ""Telegram"", ""Tox"", ""*.tox"", ""*.ini"", ""Password"", ""Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging 
Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Office\\13.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Office\\14.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Office\r.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Office\u000e.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676\\"", ""00000001"", ""00000002"", ""00000003"", ""00000004"", ""\\Outlook\\accounts[.]txt"", ""Pidgin"", ""\\.purple\\"", ""accounts[.]xml"", ""dQw4w9WgXcQ"", ""token: "", ""Software\\Valve\\Steam"", ""SteamPath"", ""\\config\\"", ""ssfn*"", ""config[.]vdf"", ""DialogConfig[.]vdf"", ""DialogConfigOverlay*.vdf"", ""libraryfolders[.]vdf"", ""loginusers[.]vdf"", ""\\Steam\\"", ""sqlite3.dll"", ""browsers"", ""done"", ""Soft"", ""\\Discord\\tokens[.]txt"", ""/c timeout /t 5 & del /f /q \"""", ""\"" & del \""C:\\ProgramData\\*.dll\""\"" & exit"", ""C:\\Windows\\system32\\cmd.exe"", ""https"", ""Content-Type: multipart/form-data; boundary=----"", ""POST"", ""HTTP/1.1"", ""Content-Disposition: form-data; name=\"""", ""hwid"", ""build"", ""token"", ""file_name"", ""file"", ""message"", ""ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"", ""screenshot[.]jpg""], ""non_standard"": {""dead_drop"": [""hXXps://t[.]me/g067n"", ""hXXps://steamcommunity[.]com/profiles/76561199707802586""], ""version"": ""10.2""}}",hXXps://37[.]27.31.150,39d074da85b9c76311c2845b4578ccde,
5287ce4a9e8c523486887ca8da6134aec32d3a6cf6e77a0617b3ae1dd3193162,OopPS1tcOtc,10/21/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""azul.accesscam[.]org""], ""port"": [""2727""], ""campaign"": ""NUEVO"", ""mutex"": ""DcRatMutex_qwqdanchun"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""ZDNwUHcydUZ2SlFlemtNc3h5NTZKd0xDUlZQR1J1VEM="", ""MTX"": ""DcRatMutex_qwqdanchun"", ""Certifi_cate"": ""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"", ""Server_signa_ture"": ""QUoT0r3IVMzdJeG85WFCNH7qZ4tV3AzDnSxyO8fKHNsLAZUjWRJp0FaBRaLbwnvplMe3yllwlQLri9/Xej3TGp7iJafy3osqUgOD7Rolx+LCmc5dC9lWuejyMQ3u/5QSn+QDfg0PPKLtEsbhY1XIVn7rYNssaUmtQvS02Y8P+8I="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""NUEVO"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",azul.accesscam[.]org,NUEVO,DcRatMutex_qwqdanchun
5288fb718ebc59210f968c247ea263159bb14c8b1e336dae9ddf17d85edaa418,Sep111peSpe,9/16/2024,XWorm,"{""c2"": [""34[.]143.159.164""], ""port"": [""6868""], ""campaign"": """", ""mutex"": ""wdQhDUOAvePQt4Sh"", ""non_standard"": {""KEY"": ""<123456789>"", ""SPL"": ""<Xwormmm>"", ""Sleep"": ""3"", ""Groub"": ""XWorm V5.6"", ""USBNM"": ""USB.exe"", ""InstallDir"": ""%LocalAppData%"", ""InstallStr"": ""XClient.exe"", ""mutex"": ""wdQhDUOAvePQt4Sh""}}",34[.]143.159.164,,wdQhDUOAvePQt4Sh
5299590e69d031fa7b4118551f59a41091fe97aa3513494c910f9a6011a6e6fe,DSE222peSpe,9/28/2024,RedlineStealer,"{""c2"": [""207[.]246.113.185:46836""], ""port"": [], ""campaign"": ""xx"", ""mutex"": """", ""non_standard"": {""ID"": ""xx"", ""Message"": """", ""Key"": ""Holibut"", ""Version"": ""1""}}",207[.]246.113.185:46836,xx,
54595cdde8ac9332adc78143051b3cebd29e564b3f3ba7a390847dd6a30ac9b0,Edwardsigunecia,9/30/2024,AstolfoLoader,NONE,,,
55f3a969a56a2abde560a4d6997575a957527a8f4c1993bc2607162282e5265f,Aug guAgu,8/7/2024,Vidar,"{""c2"": [""hXXps://195[.]201.118.191""], ""port"": [], ""campaign"": ""e4c95706ca9ca1f557526e6bb6442743"", ""mutex"": """", ""Strings"": [""INSERT_KEY_HERE"", ""GetProcAddress"", ""LoadLibraryA"", ""lstrcatA"", ""OpenEventA"", ""CreateEventA"", ""CloseHandle"", ""Sleep"", ""GetUserDefaultLangID"", ""VirtualAllocExNuma"", ""VirtualFree"", ""GetSystemInfo"", ""VirtualAlloc"", ""HeapAlloc"", ""GetComputerNameA"", ""lstrcpyA"", ""GetProcessHeap"", ""GetCurrentProcess"", ""lstrlenA"", ""ExitProcess"", ""GlobalMemoryStatusEx"", ""GetSystemTime"", ""SystemTimeToFileTime"", ""advapi32.dll"", ""gdi32.dll"", ""user32.dll"", ""crypt32.dll"", ""ntdll.dll"", ""GetUserNameA"", ""CreateDCA"", ""GetDeviceCaps"", ""CryptStringToBinaryA"", ""sscanf"", ""NtQueryInformationProcess"", ""VMwareVMware"", ""HAL9TH"", ""JohnDoe"", ""DISPLAY"", ""%hu/%hu/%hu"", ""GetEnvironmentVariableA"", ""GetFileAttributesA"", ""GlobalLock"", ""HeapFree"", ""GetFileSize"", ""GlobalSize"", ""CreateToolhelp32Snapshot"", ""IsWow64Process"", ""Process32Next"", ""GetLocalTime"", ""FreeLibrary"", ""GetTimeZoneInformation"", ""GetSystemPowerStatus"", ""GetVolumeInformationA"", ""GetWindowsDirectoryA"", ""Process32First"", ""GetLocaleInfoA"", ""GetUserDefaultLocaleName"", ""GetModuleFileNameA"", ""DeleteFileA"", ""FindNextFileA"", ""LocalFree"", ""FindClose"", ""SetEnvironmentVariableA"", ""LocalAlloc"", ""GetFileSizeEx"", ""ReadFile"", ""SetFilePointer"", ""WriteFile"", ""CreateFileA"", ""FindFirstFileA"", ""VirtualProtect"", ""GetLogicalProcessorInformationEx"", ""GetLastError"", ""lstrcpynA"", ""MultiByteToWideChar"", ""GlobalFree"", ""WideCharToMultiByte"", ""GlobalAlloc"", ""OpenProcess"", ""TerminateProcess"", ""GetCurrentProcessId"", ""gdiplus.dll"", ""ole32.dll"", ""bcrypt.dll"", ""wininet.dll"", ""shlwapi.dll"", ""shell32.dll"", ""psapi.dll"", ""rstrtmgr.dll"", ""CreateCompatibleBitmap"", ""SelectObject"", 
""BitBlt"", ""DeleteObject"", ""CreateCompatibleDC"", ""GdipGetImageEncodersSize"", ""GdipGetImageEncoders"", ""GdipCreateBitmapFromHBITMAP"", ""GdiplusStartup"", ""GdiplusShutdown"", ""GdipSaveImageToStream"", ""GdipDisposeImage"", ""GdipFree"", ""GetHGlobalFromStream"", ""CreateStreamOnHGlobal"", ""CoUninitialize"", ""CoInitialize"", ""CoCreateInstance"", ""BCryptGenerateSymmetricKey"", ""BCryptCloseAlgorithmProvider"", ""BCryptDecrypt"", ""BCryptSetProperty"", ""BCryptDestroyKey"", ""BCryptOpenAlgorithmProvider"", ""GetWindowRect"", ""GetDesktopWindow"", ""GetDC"", ""wsprintfA"", ""EnumDisplayDevicesA"", ""GetKeyboardLayoutList"", ""CharToOemW"", ""wsprintfW"", ""RegQueryValueExA"", ""RegEnumKeyExA"", ""RegOpenKeyExA"", ""RegCloseKey"", ""RegEnumValueA"", ""CryptBinaryToStringA"", ""CryptUnprotectData"", ""SHGetFolderPathA"", ""ShellExecuteExA"", ""InternetOpenUrlA"", ""InternetConnectA"", ""InternetCloseHandle"", ""InternetOpenA"", ""HttpSendRequestA"", ""HttpOpenRequestA"", ""InternetReadFile"", ""InternetCrackUrlA"", ""StrCmpCA"", ""StrStrA"", ""StrCmpCW"", ""PathMatchSpecA"", ""GetModuleFileNameExA"", ""RmStartSession"", ""RmRegisterResources"", ""RmGetList"", ""RmEndSession"", ""sqlite3_open"", ""sqlite3_prepare_v2"", ""sqlite3_step"", ""sqlite3_column_text"", ""sqlite3_finalize"", ""sqlite3_close"", ""sqlite3_column_bytes"", ""sqlite3_column_blob"", ""encrypted_key"", ""PATH"", ""C:\\ProgramData\\nss3.dll"", ""NSS_Init"", ""NSS_Shutdown"", ""PK11_GetInternalKeySlot"", ""PK11_FreeSlot"", ""PK11SDR_Decrypt"", ""C:\\ProgramData\\"", ""SELECT origin_url, username_value, password_value FROM logins"", ""Soft: "", ""profile: "", ""Host: "", ""Login: "", ""Password: "", ""Opera"", ""OperaGX"", ""Network"", ""Cookies"", "".txt"", ""SELECT HOST_KEY, is_httponly, path, is_secure, (expires_utc/1000000)-11644480800, name, encrypted_value from cookies"", ""TRUE"", ""FALSE"", ""Autofill"", ""SELECT name, value FROM autofill"", ""History"", ""SELECT url FROM urls LIMIT 
1000"", ""CC"", ""SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards"", ""Name: "", ""Month: "", ""Year: "", ""Card: "", ""Cookies"", ""Login Data"", ""Web Data"", ""History"", ""logins[.]json"", ""formSubmitURL"", ""usernameField"", ""encryptedUsername"", ""encryptedPassword"", ""guid"", ""SELECT host, isHttpOnly, path, isSecure, expiry, name, value FROM moz_cookies"", ""SELECT fieldname, value FROM moz_formhistory"", ""SELECT url FROM moz_places LIMIT 1000"", ""cookies[.]sqlite"", ""formhistory[.]sqlite"", ""places[.]sqlite"", ""Plugins"", ""Local Extension Settings"", ""Sync Extension Settings"", ""IndexedDB"", ""Opera GX Stable"", ""CURRENT"", ""chrome-extension_"", ""_0.indexeddb[.]leveldb"", ""Local State"", ""profiles[.]ini"", ""chrome"", ""opera"", ""firefox"", ""Wallets"", ""%08lX%04lX%lu"", ""SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"", ""ProductName"", ""x32"", ""x64"", ""%d/%d/%d %d:%d:%d"", ""HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0"", ""ProcessorNameString"", ""SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"", ""DisplayName"", ""DisplayVersion"", ""freebl3.dll"", ""mozglue.dll"", ""msvcp140.dll"", ""nss3.dll"", ""softokn3.dll"", ""vcruntime140.dll"", ""\\Temp\\"", "".exe"", ""runas"", ""open"", ""/c start "", ""%DESKTOP%"", ""%APPDATA%"", ""%LOCALAPPDATA%"", ""%USERPROFILE%"", ""%DOCUMENTS%"", ""%PROGRAMFILES%"", ""%PROGRAMFILES_86%"", ""%RECENT%"", ""*.lnk"", ""Files"", ""\\discord\\"", ""\\Local Storage\\leveldb\\CURRENT"", ""\\Local Storage\\leveldb"", ""\\Telegram Desktop\\"", ""D877F783D5D3EF8C*"", ""map*"", ""A7FDF864FBC10B77*"", ""A92DAA6EA6F891F2*"", ""F8806DD0C461824F*"", ""Telegram"", ""Tox"", ""*.tox"", ""*.ini"", ""Password"", ""Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Office\\13.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", 
""Software\\Microsoft\\Office\\14.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Office\r.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Office\u000e.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676\\"", ""00000001"", ""00000002"", ""00000003"", ""00000004"", ""\\Outlook\\accounts[.]txt"", ""Pidgin"", ""\\.purple\\"", ""accounts[.]xml"", ""dQw4w9WgXcQ"", ""token: "", ""Software\\Valve\\Steam"", ""SteamPath"", ""\\config\\"", ""ssfn*"", ""config[.]vdf"", ""DialogConfig[.]vdf"", ""DialogConfigOverlay*.vdf"", ""libraryfolders[.]vdf"", ""loginusers[.]vdf"", ""\\Steam\\"", ""sqlite3.dll"", ""browsers"", ""done"", ""Soft"", ""\\Discord\\tokens[.]txt"", ""/c timeout /t 5 & del /f /q \"""", ""\"" & del \""C:\\ProgramData\\*.dll\""\"" & exit"", ""C:\\Windows\\system32\\cmd.exe"", ""https"", ""Content-Type: multipart/form-data; boundary=----"", ""HTTP/1.1"", ""Content-Disposition: form-data; name=\"""", ""hwid"", ""build"", ""token"", ""file_name"", ""file"", ""message"", ""ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"", ""screenshot[.]jpg""], ""non_standard"": {""dead_drop"": [""hXXps://steamcommunity[.]com/profiles/76561199751190313"", ""hXXps://t[.]me/pech0nk""], ""version"": ""10.7""}}",hXXps://195[.]201.118.191,e4c95706ca9ca1f557526e6bb6442743,
586e3716114e7ad01d36785d3560c2c0ff95e79d123298a027de9a92b45a0af0,Sep111peSpe,9/13/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""septiembre13.con-ip[.]com""], ""port"": [""2727""], ""campaign"": ""Default"", ""mutex"": ""DcRatMutex_qwqdanchun"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""d01YMWFEUUV3VUE2S0l1VWllWDU0VnBmOVZEejVpWng="", ""MTX"": ""DcRatMutex_qwqdanchun"", ""Certifi_cate"": ""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"", ""Server_signa_ture"": ""OkMKaWPcf91DVCt4clgRNM6Qx9Ik6OOqHdemfcqaMe79CQBGoEaVHQNStVgjbiKr5FKy67AhW6KZIa7HzqT8Dx9l+1Y66y2spXEr5DvaqjPyvyGMXNtcZ9ZkZr9ur1oHRd/bRmhrNu9rD6dOQeIu1HBgzc+CJTolzVEYgKBG7/o="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""Default"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",septiembre13.con-ip[.]com,Default,DcRatMutex_qwqdanchun
599fe4c40cd392efc6becccecdb65ad61e18ad89c98a586ebda05f597b54111c,gasgff34534c,3/23/2024,LummaStealer,"{""c2"": [""associationokeo[.]shop"", ""turkeyunlikelyofw[.]shop"", ""pooreveningfuseor[.]pw"", ""edurestunningcrackyow[.]fun"", ""detectordiscusser[.]shop"", ""relevantvoicelesskw[.]shop"", ""colorfulequalugliess[.]shop"", ""wisemassiveharmonious[.]shop"", ""detectordiscusser[.]shop""], ""port"": [], ""campaign"": ""HTa5Zk--xinzhao"", ""mutex"": """", ""non_standard"": {}}","associationokeo[.]shop,turkeyunlikelyofw[.]shop,pooreveningfuseor[.]pw,edurestunningcrackyow[.]fun,detectordiscusser[.]shop,relevantvoicelesskw[.]shop,colorfulequalugliess[.]shop,wisemassiveharmonious[.]shop,detectordiscusser[.]shop",HTa5Zk--xinzhao,
59fe7e6e026da28b275c1fa65ac6f2bb0712793903fe1b77cbe148c15df0c927,DSE222peSpe,9/29/2024,ArrowRat,NONE,193[.]142.146.64,,
5aa1dc189fcbf09a77f1926e0a2d1c17d9b66e8bbbae1c1751622f544a67ee62,Aug222guAgu,9/3/2024,LummaStealer,"{""c2"": [""caffegclasiqwp[.]shop"", ""stamppreewntnq[.]shop"", ""stagedchheiqwo[.]shop"", ""millyscroqwp[.]shop"", ""evoliutwoqm[.]shop"", ""condedqpwqm[.]shop"", ""traineiwnqo[.]shop"", ""locatedblsoqp[.]shop"", ""applieddyooqnz[.]shop""], ""port"": [], ""campaign"": ""YT6gHy--"", ""mutex"": """", ""non_standard"": {}}","caffegclasiqwp[.]shop,stamppreewntnq[.]shop,stagedchheiqwo[.]shop,millyscroqwp[.]shop,evoliutwoqm[.]shop,condedqpwqm[.]shop,traineiwnqo[.]shop,locatedblsoqp[.]shop,applieddyooqnz[.]shop",YT6gHy--,
5ab8a17246063f43e04f124c842427a9413d086796c1fd5e9d46917b308f5e74,nEdxC2tcOtc,10/28/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""octubre212024.giize[.]com"", ""fuertefuerte.accesscam[.]org"", ""octubre242024.casacam[.]net""], ""port"": [""2727""], ""campaign"": ""DINERO"", ""mutex"": ""DcRatMutex_qwqdanchun"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""SjNjODBhcEdBcDB5U2Rxa09Sd2lJMktXM0VXZGh3SlU="", ""MTX"": ""DcRatMutex_qwqdanchun"", ""Certifi_cate"": ""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"", ""Server_signa_ture"": ""SdTigt3KchuRlEZS2cI3Sx7JRrAn9nprF2YNhmSIM4e9Ot04NCwWAx3cIlASTRsaVyv503lEXhWTKLxY1E2eU8DOIFdMFEQAWdFPQ7RPo46ir+gAX0MwBC8bxbjjlLXd1oEFMRssB44BrZOTxmKANhNb0KDAk/SyFza3D+MOwWU="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""DINERO"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}","octubre212024.giize[.]com,fuertefuerte.accesscam[.]org,octubre242024.casacam[.]net",DINERO,DcRatMutex_qwqdanchun
5aec1bdb65d91129f58844c126bd3e3f324b1db33b400a875497c10fd08f031d,GGGSADEFFTL,10/1/2024,Remcos,"{""c2"": [""rfast.duckdns[.]org:57840""], ""port"": [], ""campaign"": ""RemoteHost"", ""mutex"": ""Rmc$urG9345JRjuDjdGoH-YPT52V"", ""non_standard"": {""c2_list"": ""rfast.duckdns[.]org:57840:1\u001e"", ""botnet"": ""RemoteHost"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 0, ""enable_hklm_run_persistence_flag"": 0, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 4, ""install_filename"": ""Google.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc$urG9345JRjuDjdGoH-YPT52V"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Google"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""4EB0E36642AEDECE1A37C769E012327A"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH+MIGmoAMCAQICEBrV8/JBAUcef6WvFe+KE+UwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+Mr4NMT6XU24cXz8lxN2nv6/SOP2MjzhcxVOeJnI/rLHRR411y2UxO/OqtE6UbRKIkxSdwLE22A5Lzt2rPHWsjAKBggqhkjOPQQDAgNHADBEAiAoKzrFLs1UZUbsS70JFkhB5f/UWWICmZpZgGJvulkgIwIgdgBm1hdlcU4HcGhbWYLoO4Zb1ZYulRbRTUBAy5m1oz0="", ""tls_key"": ""MHcCAQEEIPO3EbPLWrE4KTUgC0hVTmYv81ta+gobZEIVeovTICqNoAoGCCqGSM49AwEHoUQDQgAE+Mr4NMT6XU24cXz8lxN2nv6/SOP2MjzhcxVOeJnI/rLHRR411y2UxO/OqtE6UbRKIkxSdwLE22A5Lzt2rPHWsg=="", ""tls_raw_peer_certificate"": ""MIIBADCBpqADAgECAhAlqlmVlcWXps64cVI6AGyjMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABG7G+gAoruQoa0HzGDb0oB+X6Uo917kA1XmMeUScg8ePvfXZQaLX3dhqiBZ1rstBYU7pVf9KbsHZjl7UWQBtiCYwCgYIKoZIzj0EAwIDSQAwRgIhAKsxTSIgujFfVceXSrMwZsCjdrBnCBVrqLsPjpsnJiFnAiEA29paMoT7xc/Ag+Ui45ZHwqqo2i0p6vstdOmRTSpaiuY=""}}",rfast.duckdns[.]org:57840,RemoteHost,Rmc$urG9345JRjuDjdGoH-YPT52V
5c6118287d6b3c0a58b87bf6c4572bd132d96f713d31c7061f790871674430ac,EFF tcOtc,10/2/2024,Vidar,"{""c2"": [""hXXps://49[.]12.106.214"", ""hXXps://49[.]12.197.9""], ""port"": [], ""campaign"": """", ""mutex"": """", ""Strings"": [], ""non_standard"": {""dead_drop"": [""hXXps://t[.]me/ae5ed"", ""hXXps://steamcommunity[.]com/profiles/76561199780418869""]}}","hXXps://49[.]12.106.214,hXXps://49[.]12.197.9",,
5cafbeb084f248690fa9d04c395055acad30ff67bbad09dc1ba8f9d5b4cfbfe3,ATGNSGNADS,6/26/2024,Remcos,"{""c2"": [""genesisloperalora09.con-ip[.]com:1880""], ""port"": [], ""campaign"": ""JUNIO"", ""mutex"": ""Rmc-MHLRGY"", ""non_standard"": {""c2_list"": ""genesisloperalora09.con-ip[.]com:1880:1\u001e"", ""botnet"": ""JUNIO"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-MHLRGY"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""registros[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Capturas de pantalla"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""0E470DBC439D9E4DD2D21356C7BB2FF1"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIIBADCBpqADAgECAhA/bK072R8ULSeOSr5wUkeEMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABA6VI2iU8kQnjaxGQYZ1oOLiaXXpoQjtj7hJtuy1r3G/TBrRcCL/wyrO0LmSJpiu7EB437pCrDvLOwjUeG7tMkYwCgYIKoZIzj0EAwIDSQAwRgIhAOSn37JeyD+DIWNHGE1xcYdm1RrQ8TT8hiLd9UIfm9uuAiEA7GC6L19W5lN5cfD3Rh2Ior++WuiLxQwnvw7H9AP/egA="", ""tls_key"": ""MHcCAQEEIJG09kVEQDINj8+wjHIe85JcOXQro5U9++N24NOCtOYMoAoGCCqGSM49AwEHoUQDQgAEDpUjaJTyRCeNrEZBhnWg4uJpdemhCO2PuEm27LWvcb9MGtFwIv/DKs7QuZImmK7sQHjfukKsO8s7CNR4bu0yRg=="", ""tls_raw_peer_certificate"": ""MIH/MIGmoAMCAQICED1NkqG7jUVs6UE+9lfC9FgwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECd6OUnfQld2gC9x8EQRhtR8SxJVg8oG9XKYRGj3Bl2o3nxXg5UX+DJrxL2ck0tBmDDoUhbl6AoiS4LqLq0jehDAKBggqhkjOPQQDAgNIADBFAiBPs4LgiRbRQ2McVsYAzfd/Q/h5nMAd2ZznwiDFiFSGBQIhANcDTxlBaY+lmnofU7TMD8RRqIs9H3Tqnu3QRNLrm6d0""}}",genesisloperalora09.con-ip[.]com:1880,JUNIO,Rmc-MHLRGY
5cbf6d0a1f9a8ad1b482c9b7371249b91b1ac1041e9e08701ded8fb6503b00ad,gasgff34534c,5/26/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""enivomarzo12.dynuddns[.]com""], ""port"": [""4859""], ""campaign"": ""11 de abril"", ""mutex"": ""FSD1F44ZXSW1"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""NERYUm1XUm9sNXhEMFNBVDhWbFN2Ym5mM1pqSVZuU2U="", ""MTX"": ""FSD1F44ZXSW1"", ""Certifi_cate"": ""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"", ""Server_signa_ture"": ""NW2KJ7cvJv7qQlvdiub8R5bXWaaf0244qM5iczinkaWZveXF+kcxcQmKYsBtMXQaIqiAF8q+XfDPncRN7M6yL4cbnavQWlxjaisO1vqb7TxlYQ6wDRb3G3UZNHOCHpm0Thb2h/JsIiSu33pcQzB4irtywEFhKjLoQAl923ICuQc="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""11 de abril"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",enivomarzo12.dynuddns[.]com,11 de abril,FSD1F44ZXSW1
5ccdc48357a287efbf61754f092e9ef24718b9d1099883eda90b2b93f6d94ebc,,9/10/2024,Rhadamanthys,NONE,,,
5cf2e959a847aec8f88ae72498de80f943385f2a82f06cf7bb71d12c5b49d2b9,MTGNSGNADS,5/4/2024,Custom Loader for VenomRat,"{'c2': ['45[.]15.156.173'], 'port': ['8080'], 'campaign': 'Default', 'mutex': 'bpjaglysbbvjyn', 'non_standard': {'Ip_logger': 'null', 'Ver_sion': 'Alfa Red Fox V1', 'In_stall': 'true', 'Install_Folder': '%AppData%', 'Install_File': 'Windows Applications Start-up.exe', 'Key': 'cllhOWkxSjVKWFV5MlRtSFM0VFRUSUV2NDZwUWtHR2Y=', 'MTX': 'bpjaglysbbvjyn', 'Certifi_cate': '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', 'Server_signa_ture': 'YKu6sIJcCVYiPujVOqVOHOvnvTWcReyWU5XL9XPoUwNGbm2OaaU7VZLDLn26UGr6Mc8IybpO2g/DfaxUstrDXs2oSEeDj87u0OsfnULWpGyQFJ1W0TV5qMbyiboD6MuFdbY5CTVW4bcEjiMc2jTuemBPQmiJigLBc1ylkSQhDt8=', 'Paste_bin': 'null', 'BS_OD': 'false', 'Hw_id': 0, 'De_lay': '1', 'Group': 'Default', 'Anti_Process': 'false', 'An_ti': 'false'}}",45[.]15.156.173,Default,bpjaglysbbvjyn
5d9d8bfd620209757123efaad61ffd8a48598ba8cbf5c5d795c9b35fd8618277,DAEXo1tcOtc,10/17/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""offcordl.dynuddns[.]net""], ""port"": [""11206"", ""22205"", ""2202"", ""2203"", ""22206""], ""campaign"": ""017-Oct"", ""mutex"": ""DcRatMutex_qyunchun"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""V3FXWUZ1VVB4bGhpUXZhR0xsRnZmNTZyUW9iOFJmTVE="", ""MTX"": ""DcRatMutex_qyunchun"", ""Certifi_cate"": ""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"", ""Server_signa_ture"": ""o+J7/JffGrKBUmoGi56J0kxgS8GtU44QsCHWyJivd6YKYqtc9DdZs0QwzU12Vnk1EcY1KjXCq2tIYTHfpihSqqI9q06RqPNFVFK4G7TIAnfEwvtbA52IV3qqymMPhkXOP4+52GoDlKcuQmbKCwz2sKmPmaGGBVA7NLDEMT0ozBs="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""017-Oct"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",offcordl.dynuddns[.]net,017-Oct,DcRatMutex_qyunchun
5da1b29f6b0ce6127341d90ecdcf572963cb8d27a5f4ba1b072f58614404976c,EFF tcOtc,10/9/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""esteesdeldcr23.duckdns[.]org""], ""port"": [""2247""], ""campaign"": ""3 OCTUBRE"", ""mutex"": ""DcRatMutex_qwqdanchun"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""UkRLMEtrZW0yTDhnMGtDbldJT1Jadm9PRk5WTHAybHc="", ""MTX"": ""DcRatMutex_qwqdanchun"", ""Certifi_cate"": ""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"", ""Server_signa_ture"": ""eQ5oIbRtt5x7zPKIZKsoamj6AAcOs+Lgs49KCJEqcdBoeSMOKuXMX8FEiIqa5isMZkEU8dK4OkWdTSr/Qu6AFfk2fxI+n6xAOoH5UGWG2R5r8BDmEm1KZf98NSG9Wd/f2udeCJQsC/f9inIyPb+IKIpSY6IANUf0upqCGMmMnhQ="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""5"", ""Group"": ""3 OCTUBRE"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",esteesdeldcr23.duckdns[.]org,3 OCTUBRE,DcRatMutex_qwqdanchun
5e3bd1cef78452981fee2e74cba2fdc46c6ebac15d9a19d85f53ee4812b1fcec,Aug guAgu,8/5/2024,Remcos,"{""c2"": [""fdsgofgjoefjiooe.con-ip[.]com:1665""], ""port"": [], ""campaign"": ""BUUZ"", ""mutex"": ""Rmc-VG1GFB"", ""non_standard"": {""c2_list"": ""fdsgofgjoefjiooe.con-ip[.]com:1665:1\u001e"", ""botnet"": ""BUUZ"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-VG1GFB"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""86CDB103BEE8F4F4E4BB432E59BB138D"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICEEXRPyHAU+i0XClFtLLozd0wCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgzAKBggqhkjOPQQDAgNIADBFAiBUcWvaxuUnpbxlhTmWEcnNtczlEXkRbUYoYCN+2VEZ1AIhALym5a5Ib2YXMN1rGi3FQzTjiXDMfTh6IufwChk8n/N9"", ""tls_key"": ""MHcCAQEEILUsPsd+8u6gorQ6vplb6DQet9vOAwT8PHYYn7RI4380oAoGCCqGSM49AwEHoUQDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgw=="", ""tls_raw_peer_certificate"": ""MIIBADCBpqADAgECAhA1EEVwbinJOEquCzdLDyBzMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBDpkDyifvMvFU5G4T3X4NPgXSbjGygT9OXvKUN63IttHTejMFBes+ICPd+lF2i9ExWAYDh5oBbrexLrzNGdz3swCgYIKoZIzj0EAwIDSQAwRgIhAPHte18FxAxdCBRRd8kvfkylLF5k+QOnpkoeqXwRtdOWAiEA00CVbIQ6r4v8EeB0rQ5nIFgk+SYWWjNa+B3sBZoNlzY=""}}",fdsgofgjoefjiooe.con-ip[.]com:1665,BUUZ,Rmc-VG1GFB
5ed664e59239f2bc96b4ac1a07cf1af18834d467b1868c79d960d3122e0c9547,CFEAE1tcOtc,10/11/2024,AsyncRat,"{""c2"": [""null""], ""port"": [""null""], ""campaign"": ""Default"", ""mutex"": ""E81gbbgofh17"", ""non_standard"": {""Version: "": ""0.5.8"", ""Install: "": ""false"", ""InstallFolder: "": ""%AppData%"", ""InstallFile: "": """", ""Key: "": ""T3Vsc0RBMmdMaWNBZzFTR2s5Z1Bzek04bWs2RDVLamw="", ""MTX: "": ""E81gbbgofh17"", ""Certificate: "": ""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"", ""ServerSignature: "": ""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"", ""Anti: "": ""false"", ""Pastebin: "": ""hXXp://91[.]202.233.181/any/"", ""BDOS: "": ""false"", ""Hwid: "": 0, ""Delay: "": ""3"", ""Group: "": ""Default""}}",hXXp://91[.]202.233.181/any,Default,E81gbbgofh17
5eeb62aa52a36d263ab636ca89ff9d2b208c49aa7da6f2d9053364fa7e970f96,5dsadas435235bgdsgdfbvb3253453425345gfdsgfdgdf,3/16/2024,Vidar,"{""c2"": [""hXXp://167[.]235.207.130""], ""port"": [], ""campaign"": ""19f8c902304415c9489790a0ba0ec86f"", ""mutex"": """", ""Strings"": [""GetProcAddress"", ""lstrcatA"", ""OpenEventA"", ""CloseHandle"", ""Sleep"", ""GetUserDefaultLangID"", ""VirtualAllocExNuma"", ""VirtualFree"", ""GetSystemInfo"", ""HeapAlloc"", ""GetComputerNameA"", ""lstrcpyA"", ""GetProcessHeap"", ""GetCurrentProcess"", ""lstrlenA"", ""ExitProcess"", ""GlobalMemoryStatusEx"", ""GetSystemTime"", ""SystemTimeToFileTime"", ""gdi32.dll"", ""user32.dll"", ""crypt32.dll"", ""ntdll.dll"", ""CreateDCA"", ""GetDeviceCaps"", ""ReleaseDC"", ""CryptStringToBinaryA"", ""sscanf"", ""HAL9TH"", ""JohnDoe"", ""DISPLAY"", ""%hu/%hu/%hu"", ""GetEnvironmentVariableA"", ""GetFileAttributesA"", ""GlobalLock"", ""GlobalSize"", ""CreateToolhelp32Snapshot"", ""IsWow64Process"", ""Process32Next"", ""GetLocalTime"", ""GetTimeZoneInformation"", ""GetSystemPowerStatus"", ""GetVolumeInformationA"", ""Process32First"", ""GetLocaleInfoA"", ""GetUserDefaultLocaleName"", ""GetModuleFileNameA"", ""FindNextFileA"", ""SetEnvironmentVariableA"", ""LocalAlloc"", ""GetFileSizeEx"", ""SetFilePointer"", ""FindFirstFileA"", ""VirtualProtect"", ""GetLogicalProcessorInformationEx"", ""GetLastError"", ""MultiByteToWideChar"", ""GlobalFree"", ""WideCharToMultiByte"", ""TerminateProcess"", ""GetCurrentProcessId"", ""rstrtmgr.dll"", ""CreateCompatibleBitmap"", ""SelectObject"", ""BitBlt"", ""DeleteObject"", ""CreateCompatibleDC"", ""GdipGetImageEncodersSize"", ""GdipGetImageEncoders"", ""GdipCreateBitmapFromHBITMAP"", ""GdiplusStartup"", ""GdiplusShutdown"", ""GdipSaveImageToStream"", ""GdipDisposeImage"", ""GetHGlobalFromStream"", ""CreateStreamOnHGlobal"", ""CoUninitialize"", ""CoInitialize"", ""CoCreateInstance"", ""BCryptGenerateSymmetricKey"", ""BCryptCloseAlgorithmProvider"", ""BCryptDecrypt"", 
""BCryptSetProperty"", ""BCryptDestroyKey"", ""BCryptOpenAlgorithmProvider"", ""GetWindowRect"", ""GetDesktopWindow"", ""GetDC"", ""EnumDisplayDevicesA"", ""GetKeyboardLayoutList"", ""CharToOemW"", ""RegQueryValueExA"", ""RegEnumKeyExA"", ""RegOpenKeyExA"", ""RegEnumValueA"", ""CryptBinaryToStringA"", ""CryptUnprotectData"", ""SHGetFolderPathA"", ""InternetOpenUrlA"", ""InternetConnectA"", ""InternetCloseHandle"", ""InternetOpenA"", ""HttpSendRequestA"", ""HttpOpenRequestA"", ""InternetReadFile"", ""InternetCrackUrlA"", ""StrStrA"", ""PathMatchSpecA"", ""GetModuleFileNameExA"", ""RmStartSession"", ""RmRegisterResources"", ""RmEndSession"", ""sqlite3_open"", ""sqlite3_prepare_v2"", ""sqlite3_step"", ""sqlite3_column_text"", ""sqlite3_finalize"", ""sqlite3_close"", ""sqlite3_column_bytes"", ""sqlite3_column_blob"", ""encrypted_key"", ""PATH"", ""C:\\ProgramData\\nss3.dll"", ""NSS_Shutdown"", ""PK11_GetInternalKeySlot"", ""PK11_FreeSlot"", ""PK11_Authenticate"", ""PK11SDR_Decrypt"", ""C:\\ProgramData\\"", ""SELECT origin_url, username_value, password_value FROM logins"", ""Soft: "", ""Host: "", ""Login: "", ""Password: "", ""Opera"", ""OperaGX"", ""Network"", ""Cookies"", "".txt"", ""TRUE"", ""FALSE"", ""SELECT name, value FROM autofill"", ""History"", ""SELECT url FROM urls LIMIT 1000"", ""CC"", ""SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards"", ""Name: "", ""Month: "", ""Year: "", ""Card: "", ""Cookies"", ""Login Data"", ""History"", ""formSubmitURL"", ""usernameField"", ""encryptedUsername"", ""encryptedPassword"", ""guid"", ""SELECT host, isHttpOnly, path, isSecure, expiry, name, value FROM moz_cookies"", ""SELECT fieldname, value FROM moz_formhistory"", ""SELECT url FROM moz_places LIMIT 1000"", ""cookies[.]sqlite"", ""formhistory[.]sqlite"", ""places[.]sqlite"", ""Plugins"", ""Local Extension Settings"", ""Sync Extension Settings"", ""Opera Stable"", ""Opera GX Stable"", ""CURRENT"", ""chrome-extension_"", 
""_0.indexeddb[.]leveldb"", ""profiles[.]ini"", ""chrome"", ""opera"", ""firefox"", ""Wallets"", ""%08lX%04lX%lu"", ""SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"", ""x64"", ""%d/%d/%d %d:%d:%d"", ""HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0"", ""ProcessorNameString"", ""SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"", ""DisplayVersion"", ""msvcp140.dll"", ""softokn3.dll"", ""vcruntime140.dll"", ""\\Temp\\"", "".exe"", ""runas"", ""open"", ""%LOCALAPPDATA%"", ""%USERPROFILE%"", ""%PROGRAMFILES%"", ""%PROGRAMFILES_86%"", ""*.lnk"", ""Files"", ""\\Local Storage\\leveldb\\CURRENT"", ""\\Local Storage\\leveldb"", ""\\Telegram Desktop\\"", ""D877F783D5D3EF8C*"", ""map*"", ""A7FDF864FBC10B77*"", ""A92DAA6EA6F891F2*"", ""F8806DD0C461824F*"", ""Tox"", ""*.tox"", ""*.ini"", ""Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Office\\13.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Office\\14.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Office\u000e.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676\\"", ""\\Outlook\\accounts[.]txt"", ""Pidgin"", ""accounts[.]xml"", ""token: "", ""Software\\Valve\\Steam"", ""ssfn*"", ""config[.]vdf"", ""DialogConfig[.]vdf"", ""DialogConfigOverlay*.vdf"", ""libraryfolders[.]vdf"", ""loginusers[.]vdf"", ""\\Steam\\"", ""\\Discord\\tokens[.]txt"", ""/c timeout /t 5 & del /f /q \"""", ""\"" & del \""C:\\ProgramData\\*.dll\""\"" & exit"", ""C:\\Windows\\system32\\cmd.exe"", ""Content-Type: multipart/form-data; boundary=----"", ""Content-Disposition: form-data; name=\"""", ""build"", ""token"", ""message"", ""ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"", ""screenshot[.]jpg"", ""\u0004\u00004\u0000 
\u0000e\u0000*\u0000\u001a\u0000S\u0000^\u0000A\u0000*\u0000\u001e\u0000+\u0000\f\u0000T\u00002\u0000i\u0000"", ""\u0004\u00004\u0000 \u0000e\u0000\u0007\u0000\u001d\u0000S\u0000Z\u0000L\u0000'\u0000\u000b\u0000!\u0000\f\u0000M\u0000$\u0000n\u0000""], ""non_standard"": {""dead_drop"": [""hXXps://steamcommunity[.]com/profiles/76561199651834633"", ""hXXps://t[.]me/raf6ik""], ""version"": ""8.3""}}",hXXp://167[.]235.207.130,19f8c902304415c9489790a0ba0ec86f,
5f3cc281a34872f7732d1174eca50fb85364927cca8dc70ac31623ff38c20a00,ACXNTGGCXTL,6/29/2024,Rhadamanthys,NONE,,,
5fb8926926dc18f997e3bbce351518fcca0ffd382099e59154402e2da3a3858c,5dsadas435235bgdsgdfbvb3253453425345gfdsgfdgdf,2/20/2024,RedlineStealer,"{""c2"": [""103[.]183.115.60:9112""], ""port"": [], ""campaign"": ""CD"", ""mutex"": """", ""non_standard"": {""ID"": ""CD"", ""Message"": ""Your computer does not support this file. Please use another device and try again!"", ""Key"": ""Unimplored"", ""Version"": ""1""}}",103[.]183.115.60:9112,CD,
606d23a8f451eeeb802261b8c279da0185d061d971e01139da4435f75eab56e4,gasgff34534c,5/23/2024,DarkGate,NONE,,,
60837ecb4271e7348591ab1d8ee69dabf9071677694fb024493497af43855f25,EXC tcOtc,10/8/2024,ArrowRat,NONE,,,
6083df167c2c313759ad4885919f556172343bc787f28780429e7272ff7a05da,Edwardsigunecia,8/3/2024,RedlineStealer,NONE,,,
60ee569d82800e734e8202fb63118174d7ef7cdf75c078f0ceb19d5d80975f56,ACXNSGNADS,7/9/2024,QuasarRat,"{""c2"": [""94[.]228.166.40:4782""], ""port"": [], ""campaign"": ""Office04"", ""mutex"": ""0f869795-66c1-49fc-bfb6-bca8984fee7d"", ""non_standard"": {""Version"": ""1.4.1"", ""SUBDIRECTORY"": ""SubDir"", ""INSTALLNAME"": ""KR6nDu9fLhop1bFe.exe"", ""INSTALL"": ""false"", ""STARTUP"": ""false"", ""MUTEX"": ""0f869795-66c1-49fc-bfb6-bca8984fee7d"", ""STARTUPKEY"": ""defender[.]proces"", ""HIDEFILE"": ""true"", ""ENABLELOGGER"": ""false"", ""ENCRYPTIONKEY"": ""7970C2029EDBB83E6BD65073BE18684AC9FF3F48"", ""TAG"": ""Office04"", ""LOGDIRECTORYNAME"": ""Logs"", ""SERVERSIGNATURE"": ""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"", ""SERVERCERTIFICATESTR"": ""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"", ""HIDELOGDIRECTORY"": ""true"", ""HIDEINSTALLSUBDIRECTORY"": ""true"", ""INSTALLPATH"": """", ""LOGSPATH"": """", ""UNATTENDEDMODE"": ""false""}}",94[.]228.166.40:4782,Office04,0f869795-66c1-49fc-bfb6-bca8984fee7d
612cdcd8164c3820950dcc5276dd1a41782ffe424ace86e065de964de21f6871,gasgff34534c,10/28/2024,Rhadamanthys,NONE,,,
61b0a39405d071a95d7a8302b308cbf65ce4db0df029efea1af8a24ae9a94ca4,Aug guAgu,8/5/2024,Rhadamanthys,NONE,,,
6272c72c830630f76aac92c2ad13e3f601aa7752e13d8713e150511754097eaa,zEXDE1tcOtc,10/22/2024,Remcos,"{""c2"": [""newtestdn.dns[.]army:1700""], ""port"": [], ""campaign"": ""RATON"", ""mutex"": ""hbdggdmmmskbsciihcjh-VVGXL8"", ""non_standard"": {""c2_list"": ""newtestdn.dns[.]army:1700:0\u001e"", ""botnet"": ""RATON"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""500000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""hbdggdmmmskbsciihcjh-VVGXL8"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""registros[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Capturas de pantalla"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 1, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""datos"", ""enable_watchdog_flag"": 0, ""license"": ""B6C491A32A67ABEAF5119B1E1658CBF5"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": """", 
""tls_key"": """", ""tls_raw_peer_certificate"": """"}}",newtestdn.dns[.]army:1700,RATON,hbdggdmmmskbsciihcjh-VVGXL8
62919dc688726421395003025abf1bbcd405048fb5b7c544139a538e5bdc45b0,43423fdasfdasfa32143242,8/31/2024,AsyncRat,"{""c2"": [""45[.]200.149.147""], ""port"": [""4782""], ""campaign"": ""Default"", ""mutex"": ""uXnIs7mA0Z5R"", ""non_standard"": {""Version"": ""0.5.8"", ""Install"": ""false"", ""InstallFolder"": ""%AppData%"", ""InstallFile"": ""javaupdate.exe"", ""Key"": ""UXMzclVTTVgwcURNT3oyelFDUTV3dkYwanh4ak83UzQ="", ""MTX"": ""uXnIs7mA0Z5R"", ""Certificate"": ""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"", ""Serversignature"": ""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"", ""Anti"": ""false"", ""Pastebin"": ""null"", ""BDOS"": ""false"", ""Hwid"": 0, ""Delay"": ""3"", ""Group"": ""Default""}}",45[.]200.149.147,Default,uXnIs7mA0Z5R
62afa3a8d6a4c924491c2897acc4ba6fa053108ecc54d8c97503ed2aaa58e2c0,gasgff34534c,4/21/2024,AsyncRat,"{""c2"": [""mrtwinks.duckdns[.]org""], ""port"": [""6666""], ""campaign"": ""3"", ""mutex"": ""sdfsfsdcMutex_6sdfsdf"", ""non_standard"": {""Version: "": ""AWS | 3Losh"", ""Install: "": ""false"", ""InstallFolder: "": ""%AppData%"", ""InstallFile: "": """", ""Key: "": ""cktZTnY5QmJZejhQWnRKV1pheEhmVXQwWFpsU09wZHM="", ""MTX: "": ""sdfsfsdcMutex_6sdfsdf"", ""Certificate: "": ""MIIE8jCCAtqgAwIBAgIQAPeWQ4YJ3MvReCGwLzn7rTANBgkqhkiG9w0BAQ0FADAaMRgwFgYDVQQDDA9Bc3luY1JBVCBTZXJ2ZXIwIBcNMjIwNDI1MDA0MTA5WhgPOTk5OTEyMzEyMzU5NTlaMBoxGDAWBgNVBAMMD0FzeW5jUkFUIFNlcnZlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKT9nYYTjYTZhY+g1tekZ8/F29gsEIDgf/8odvCbCmYKGGZZi2yND9NjtBXEMANM9PAXCyMapGvapDPbWgjYkLiMw/Vwa3kZRg7kLpXMpzInLQufe7Q587viilcsGDoVXmnf51/SwsKPjSysZUpyayezUlJ1j6aXkZGnasiqJ7iKANdSneQducOn6IwaEuJBmpXKWxhhq8R9JMfiWeOXL/hXoE/wCzwzvU/CrzPXd3uMsLfFMDHZJ+OQ9OXKU/CHZNCgSPs4VSgCgM4eK0YTbu1mLsWSo5th3/ingNFaTyYmGsmLIE2Jq5AR1A+xA+FEdC8zKL1bAwYQcRgIJs7QdedtAIufepPZ9D5HiOiy3ITYVonqwTiiIm20en7UICt+J8iDb4M2Q2iLWA7Yi9PN2cr0Xrs8A4/RL29Qe5Ly2k35i74RiBTiT7Jbl2r7PcYlUGcjTCbdB9PWt3dYaTysuamoq2Zuo2HVRhhoZpwnajS9vNcjuZCYVoQvUQBUnHTeRZrtHXU5JV59ZBlu7flZneMZnbrWXTxob6Bdt8+hrGoSDMWBFcO4jRzhT3hEFUpu4lSFeb9T3Vx4KWkHJhHtMvHuYgDTXERdEcI00sOUbVxgd/62LhGXNNommQKCyiAGj0V5uLD73Fyw8vJpm3jXf3NgNt/CjnlaMc40DJ+HlXE5AgMBAAGjMjAwMB0GA1UdDgQWBBQsT2WvtxGUK29SWs4sHz1xYye0fzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4ICAQCK5sVfnYyT5MqnCg3uHV2ojf12fIVFCY02Cc7gy3DVoE6/xZCPjr22V/xZunZ7DG1nt0kOJKDwdQYnGoMc5UPh8jbNRoc1ojLOCaluaIYQyl8AGkmUSRA3Ltk0XetDescffrWT/nKuRvIEYU4Ra+B39f8ouGMCa7VXaxnGJ0z0BkUie8KsDLgNmJ7/kVfIYuRxl+YefoCsUTCogqf0fu3DuRHBpUVaSQQOf9YCbvFWH7Nupc3UIwpH5D8kSdpKusEfbRp8nfWN/Fm+lzF3THeHU6vNJ+5UoAWHYFW8wfJCbzQ/0L8QZeOv4uy74oQP2Ed0RdrWCwUL6SSsDPZdDEOy4K4vVYkDTl1nL5tleATguELAEbbT42oLce85z4C7sKvpEfa4DPbU55xBLwvHniILFfjB7VVsrgVckUL/lEf4Y92uJVKvLGruQt/mtKSqIuJjD8T9y7RIsk6g9624egV5UtLtv+36kLKhgIJlqC7Xx/PVwMc2yw8BiQlvxQZgqSd1
k7QmV1AhV/3z2wqnYmb09ibTMYaMFjtamFegeFqc4jRLABhVQFEFv8z5E6G9vgKn5mQDWS/JykARBv9o2BjL/PTADfwAtc1b4nWo0l+CI8IjjYXu/mJOuwR+kFJ19INtwbffQvT9U12t4smpcZV+OK0opk4Yr9r1tZYm92ghXA=="", ""ServerSignature: "": ""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"", ""Anti: "": ""false"", ""offlineKL: "": ""true"", ""Pastebin: "": ""null"", ""BDOS: "": ""false"", ""Hwid: "": 0, ""Delay: "": ""3"", ""Group: "": ""Twinks3""}}",mrtwinks.duckdns[.]org,3,sdfsfsdcMutex_6sdfsdf
62b3b8180936fd37593dca45af592225ca18bb410a45cdc79fa15726ca7efcf2,NACSKKETTAF,8/15/2024,RedlineStealer,"{""c2"": [""207[.]148.69.28:6608""], ""port"": [], ""campaign"": ""aa.29"", ""mutex"": """", ""non_standard"": {""ID"": ""aa.29"", ""Message"": """", ""Key"": ""Pajock"", ""Version"": ""1""}}",207[.]148.69.28:6608,aa.29,
62cb60775d9215595457d37fd5a8ecc52d0c8474948a3e20acf5e1b01594e239,MTGNSGNADS,7/1/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""ergwgfbrej.duckdns[.]org""], ""port"": [""8010""], ""campaign"": ""Default"", ""mutex"": ""DcRatMutex_qwqdanchun"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": ""LUNES.exe"", ""Key"": ""c0dEOGVRODVKN0FpbG81ZWE5cmRsQkJLS1V6VFRGNU0="", ""MTX"": ""DcRatMutex_qwqdanchun"", ""Certifi_cate"": ""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"", ""Server_signa_ture"": ""M2s54zGpP7vcbBPiioPqXhxUOMNQfimOd7lzEmEKWVgWENFQo4S0AyXjncxJsUFhN6vu3SaYgp5mS6gkcjE3hoyDjVuu2K+WS+v8HgKtbqNYUh7qyVEFtde5ILG5rfENmZF+thkzVGwYv7zh3KYBQ3FnUYpIiApniBUMc/g8q5o="", ""Paste_bin"": ""null"", ""BS_OD"": ""true"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""Default"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",ergwgfbrej.duckdns[.]org,Default,DcRatMutex_qwqdanchun
6322d14ec5869367ae5b64fa81eb5958371640fdaa0dac6d5dcdfea35925cf94,fGOoE3tcOtc,11/1/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""procesosespeciales855.casacam[.]net""], ""port"": [""8853""], ""campaign"": ""Solo-Domi-Oros"", ""mutex"": ""DcRatMutex_qwqdanchun"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""MldpUlFYZHAwZTF3dWR1cmFmOW1pZWVEOFRlU1pHTlg="", ""MTX"": ""DcRatMutex_qwqdanchun"", ""Certifi_cate"": ""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"", ""Server_signa_ture"": ""dzzmy4auTq4razCCxJ9UxCmheZJ4VlSHJjDPVHhethxQ6y//N+WEyhllrZCgp8W/ky9ANoX+TI2qAVWfth6+nHayijlRE0Jr45aE1pjCDSyZb0JzM3LV77gQ+PbuaaZfqW4kZxE6f7XvYZxAFrHiupX3OtTYCiW95wYCHoLIh+o="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""Solo-Domi-Oros"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",procesosespeciales855.casacam[.]net,Solo-Domi-Oros,DcRatMutex_qwqdanchun
65d074caa3e234445ad29db1ed6977855f4952c2d025c109f8190631dd6487c6,Sep111peSpe,10/11/2024,Remcos,"{""c2"": [""juanruizpu1405.con-ip[.]com:1668""], ""port"": [], ""campaign"": ""UBANCOL"", ""mutex"": ""Rmc-OWARH1"", ""non_standard"": {""c2_list"": ""juanruizpu1405.con-ip[.]com:1668:1\u001e"", ""botnet"": ""UBANCOL"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-OWARH1"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""86CDB103BEE8F4F4E4BB432E59BB138D"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICEEXRPyHAU+i0XClFtLLozd0wCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgzAKBggqhkjOPQQDAgNIADBFAiBUcWvaxuUnpbxlhTmWEcnNtczlEXkRbUYoYCN+2VEZ1AIhALym5a5Ib2YXMN1rGi3FQzTjiXDMfTh6IufwChk8n/N9"", ""tls_key"": ""MHcCAQEEILUsPsd+8u6gorQ6vplb6DQet9vOAwT8PHYYn7RI4380oAoGCCqGSM49AwEHoUQDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgw=="", ""tls_raw_peer_certificate"": ""MIIBADCBpqADAgECAhA1EEVwbinJOEquCzdLDyBzMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBDpkDyifvMvFU5G4T3X4NPgXSbjGygT9OXvKUN63IttHTejMFBes+ICPd+lF2i9ExWAYDh5oBbrexLrzNGdz3swCgYIKoZIzj0EAwIDSQAwRgIhAPHte18FxAxdCBRRd8kvfkylLF5k+QOnpkoeqXwRtdOWAiEA00CVbIQ6r4v8EeB0rQ5nIFgk+SYWWjNa+B3sBZoNlzY=""}}",juanruizpu1405.con-ip[.]com:1668,UBANCOL,Rmc-OWARH1
675fc1d5e9a46f083a088ba32815eb191464ee29ecedc4b50b7ab577597844aa,EFF333peSpe,9/30/2024,Remcos,"{""c2"": [""nwemarkets[.]com:5552""], ""port"": [], ""campaign"": ""RemoteHost"", ""mutex"": ""Rmc-ZNN7MN"", ""non_standard"": {""c2_list"": ""nwemarkets[.]com:5552:1\u001e"", ""botnet"": ""RemoteHost"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-ZNN7MN"", ""keylogger_mode"": 0, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""A3F6C84D59CCA3BF307367052516F5AB"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICEGJqf96Pr3a+e6ul4bBsZhcwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHmxAg5NrcTZp32pnkW7d+EcAovekXEaevKy4N+VVf1nEUZ8LhoxFHWj7S9uFXC+QTG0px/sdpMdnG8bajhVzpjAKBggqhkjOPQQDAgNIADBFAiEAuKwnnqUNBS6eCdiRr8V/t5qdC+jSMFv2r60Ben+/svkCIC81I759Eg0Vm9NT0eP5+koB9sABzZFyT0DZ+XAWqAYi"", ""tls_key"": ""MHcCAQEEID/jaTUdf6+wSeZd5ojbr0uHgPsqDMAp8flH2leKwbE8oAoGCCqGSM49AwEHoUQDQgAEHmxAg5NrcTZp32pnkW7d+EcAovekXEaevKy4N+VVf1nEUZ8LhoxFHWj7S9uFXC+QTG0px/sdpMdnG8bajhVzpg=="", ""tls_raw_peer_certificate"": ""MIIBADCBpqADAgECAhB16TfaQObPlwZuRbneF89+MAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABH5wt/yIPFanDXruFHtjolixNMTei2Go8xqEFqP16m4PMxtWuoUsI7roAj8L6bL0TXIhTosHqJrfDe0eCLT7OjAwCgYIKoZIzj0EAwIDSQAwRgIhAM+elwEkZiNrrYXSOkkn8N2PK9Gtkuk+ibQJGI9JAAd/AiEAjhcFPT6OVJnEa1mLh1MVx/BW7hc3u3z0Ywq80+bO7R0=""}}",nwemarkets[.]com:5552,RemoteHost,Rmc-ZNN7MN
67a6c50a05b7eabf847559671c95f011a534395e4c84eb9e3b1ad3a7cf072187,bbbbb5,1/7/2024,HeartCrypt Developer Test Sample,NONE,,,
688530cee5f95e2040e9d0b5198cb0f530cbccd0160df3827882905f7002879e,Aug222guAgu,8/20/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""puerto4003-envios.mysynology[.]net""], ""port"": [""4003""], ""campaign"": ""AGOO-03-MAN"", ""mutex"": ""DcRatMutex_qwqdanchun"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""RENGeDVOT1B5NERjWklFYUFJdm02ZEFhR3VHMFNrQUU="", ""MTX"": ""DcRatMutex_qwqdanchun"", ""Certifi_cate"": ""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"", ""Server_signa_ture"": ""KMt8AC1lfmGyBr0j0CvHfEP8rl6189uC/Vr20XGjVf8LtrBLch4dDifm21j22dC9HFmArTXX2cMPPG/FLNDb1pz84s7M267Y7yHfYCtC6/8ZaGOVp2c/T+rWL+gUqg7dUjAxwvcrgMz4E2N7kJcIbuScpauBeAGztAZPxjHkhcA="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""AGOO-03-MAN"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",puerto4003-envios.mysynology[.]net,AGOO-03-MAN,DcRatMutex_qwqdanchun
68c75ba3fb131fa8d015169c3dd717f1b79cf2688fe87c87695ba9e04df87695,hoLME2tcOtc,10/21/2024,Remcos,"{""c2"": [""solumintir.duckdns[.]org:1994""], ""port"": [], ""campaign"": ""BUROCRACIA"", ""mutex"": ""Rmc-NCJKEB"", ""non_standard"": {""c2_list"": ""solumintir.duckdns[.]org:1994:1\u001e"", ""botnet"": ""BUROCRACIA"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-NCJKEB"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 1, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""52FAB4ABA90AF6988E653D18FACD533A"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICEEXRPyHAU+i0XClFtLLozd0wCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgzAKBggqhkjOPQQDAgNIADBFAiBUcWvaxuUnpbxlhTmWEcnNtczlEXkRbUYoYCN+2VEZ1AIhALym5a5Ib2YXMN1rGi3FQzTjiXDMfTh6IufwChk8n/N9"", ""tls_key"": ""MHcCAQEEILUsPsd+8u6gorQ6vplb6DQet9vOAwT8PHYYn7RI4380oAoGCCqGSM49AwEHoUQDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgw=="", ""tls_raw_peer_certificate"": ""MIIBADCBpqADAgECAhA1EEVwbinJOEquCzdLDyBzMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBDpkDyifvMvFU5G4T3X4NPgXSbjGygT9OXvKUN63IttHTejMFBes+ICPd+lF2i9ExWAYDh5oBbrexLrzNGdz3swCgYIKoZIzj0EAwIDSQAwRgIhAPHte18FxAxdCBRRd8kvfkylLF5k+QOnpkoeqXwRtdOWAiEA00CVbIQ6r4v8EeB0rQ5nIFgk+SYWWjNa+B3sBZoNlzY=""}}",solumintir.duckdns[.]org:1994,BUROCRACIA,Rmc-NCJKEB
69569b6a988642b3bc36370470f71e2471df37b1b441c54f53c8e30b940d79bb,gasgff34534c,4/11/2024,DanaBot,NONE,,,
696a181467746f96cf98cb52d83460fa08ce6baa44d2ddb809a95c6807fb35fe,Aug guAgu,8/4/2024,HeartCrypt Developer Test Sample,NONE,,,
6b143ed5a1c3865302656c7efa3b4f4806ae208fd995167617bcc49677601d13,DSE222peSpe,10/2/2024,Remcos,"{""c2"": [""eugeniapadillalora09.con-ip[.]com:1880""], ""port"": [], ""campaign"": ""LOS BREEE"", ""mutex"": ""Rmc-7ZCRPC"", ""non_standard"": {""c2_list"": ""eugeniapadillalora09.con-ip[.]com:1880:1\u001e"", ""botnet"": ""LOS BREEE"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-7ZCRPC"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""6F1EDFB348C95F54B26B789C5C0862D6"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIIBADCBpqADAgECAhA/bK072R8ULSeOSr5wUkeEMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABA6VI2iU8kQnjaxGQYZ1oOLiaXXpoQjtj7hJtuy1r3G/TBrRcCL/wyrO0LmSJpiu7EB437pCrDvLOwjUeG7tMkYwCgYIKoZIzj0EAwIDSQAwRgIhAOSn37JeyD+DIWNHGE1xcYdm1RrQ8TT8hiLd9UIfm9uuAiEA7GC6L19W5lN5cfD3Rh2Ior++WuiLxQwnvw7H9AP/egA="", ""tls_key"": ""MHcCAQEEIJG09kVEQDINj8+wjHIe85JcOXQro5U9++N24NOCtOYMoAoGCCqGSM49AwEHoUQDQgAEDpUjaJTyRCeNrEZBhnWg4uJpdemhCO2PuEm27LWvcb9MGtFwIv/DKs7QuZImmK7sQHjfukKsO8s7CNR4bu0yRg=="", ""tls_raw_peer_certificate"": ""MIH/MIGmoAMCAQICED1NkqG7jUVs6UE+9lfC9FgwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECd6OUnfQld2gC9x8EQRhtR8SxJVg8oG9XKYRGj3Bl2o3nxXg5UX+DJrxL2ck0tBmDDoUhbl6AoiS4LqLq0jehDAKBggqhkjOPQQDAgNIADBFAiBPs4LgiRbRQ2McVsYAzfd/Q/h5nMAd2ZznwiDFiFSGBQIhANcDTxlBaY+lmnofU7TMD8RRqIs9H3Tqnu3QRNLrm6d0""}}",eugeniapadillalora09.con-ip[.]com:1880,LOS BREEE,Rmc-7ZCRPC
6b6e6a393ad1b3ab46c39b82fefdc51ab0fbfe639ee1d4df3a379ffb74480cdb,xCeDs2tcOtc,10/23/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""octubre212024.giize[.]com""], ""port"": [""2727""], ""campaign"": ""SNOW"", ""mutex"": ""DcRatMutex_qwqdanchun"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""NElBVkNvRGVTaE5Kb05TTlIzdHBrMlp5SmVJVmgyWmg="", ""MTX"": ""DcRatMutex_qwqdanchun"", ""Certifi_cate"": ""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"", ""Server_signa_ture"": ""f2Wkfn5adMGELu3DfDMW4Ijhuf3EwosUZDWUhbNff2WYaI+bKcqGdDcmiEqwqcE4CvuWu0xQBPt4zN7Y7E41MEqDGTulBAsv3Mw31P3eYrzvXseMAbMBb19v6efkM36a0IgVorfyn9C8XsIRU5ulUeuhfrUm2ASejDD1TaL+/DI="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""SNOW"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",octubre212024.giize[.]com,SNOW,DcRatMutex_qwqdanchun
6bb9fcba87faf95868f5480586f55e97c3734019503aa9bdd6972cf93bb4d102,Aug333guAgu,9/4/2024,XWorm,"{""c2"": [""xwrmsistem.duckdns[.]org""], ""port"": [""7000""], ""campaign"": """", ""mutex"": ""3wMQuoPMT069qkfP"", ""non_standard"": {""KEY"": ""<123456789>"", ""SPL"": ""<Xwormmm>"", ""Sleep"": ""3"", ""Groub"": ""ENVIO"", ""USBNM"": ""USB.exe"", ""mutex"": ""3wMQuoPMT069qkfP""}}",xwrmsistem.duckdns[.]org,,3wMQuoPMT069qkfP
6be338592a07efe9cedccbeeb21c9b06bb32587fd8ab7d280e2e2d8dc84c17a1,Edwardsigunecia,9/16/2024,Vidar,"{""c2"": [""hXXps://t[.]me/edm0d"", ""hXXps://steamcommunity[.]com/profiles/""], ""port"": [], ""campaign"": """", ""mutex"": """", ""Strings"": [], ""non_standard"": {""dead_drop"": []}}","hXXps://t[.]me/edm0d,hXXps://steamcommunity[.]com/profiles/",,
6c5b19853d6cec2a3f41aac0e437e1ef8241c97925c5154917c92382ae7c7b8f,xCeDs2tcOtc,10/22/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""proyectoxman1.casacam[.]net""], ""port"": [""8852""], ""campaign"": ""New-Era-21"", ""mutex"": ""DcRatMutex_qwqdanchun"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""UmhKeVlYNWNPYzdNMml1akY1dU5qZmlWdEwzWE12d3I="", ""MTX"": ""DcRatMutex_qwqdanchun"", ""Certifi_cate"": ""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"", ""Server_signa_ture"": ""AbJkzgcRGuCRTtNiO1OE2yVIYouT/ceXvrTpztpNKoT/s1rzAJKpFumiEJOGhK4rk7nbNtPxHDaqbN82Hg2aJo+swDY+10WQHzztMSe2c1mKxdmiRQzy/tjz174qTV2YZYCCZjyfdhlhGi3bxBze/YtehWlX+uIDDY/mz2lB4+U="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""New-Era-21"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",proyectoxman1.casacam[.]net,New-Era-21,DcRatMutex_qwqdanchun
6c86bdd53a414f6522501d54738ca618f8dfccb4c31ad80618aad4934f1aecc5,43423fdasfdasfa32143242,3/19/2024,Vidar,"{""c2"": [""hXXps://128[.]140.125.116""], ""port"": [], ""campaign"": ""090efd65e3d48dcede34a8f086aea95f"", ""mutex"": """", ""Strings"": [""GetProcAddress"", ""lstrcatA"", ""OpenEventA"", ""CloseHandle"", ""Sleep"", ""GetUserDefaultLangID"", ""VirtualAllocExNuma"", ""VirtualFree"", ""GetSystemInfo"", ""HeapAlloc"", ""GetComputerNameA"", ""lstrcpyA"", ""GetProcessHeap"", ""GetCurrentProcess"", ""lstrlenA"", ""ExitProcess"", ""GlobalMemoryStatusEx"", ""GetSystemTime"", ""SystemTimeToFileTime"", ""gdi32.dll"", ""user32.dll"", ""crypt32.dll"", ""ntdll.dll"", ""CreateDCA"", ""GetDeviceCaps"", ""ReleaseDC"", ""CryptStringToBinaryA"", ""sscanf"", ""HAL9TH"", ""JohnDoe"", ""DISPLAY"", ""%hu/%hu/%hu"", ""GetEnvironmentVariableA"", ""GetFileAttributesA"", ""GlobalLock"", ""GlobalSize"", ""CreateToolhelp32Snapshot"", ""IsWow64Process"", ""Process32Next"", ""GetLocalTime"", ""GetTimeZoneInformation"", ""GetSystemPowerStatus"", ""GetVolumeInformationA"", ""Process32First"", ""GetLocaleInfoA"", ""GetUserDefaultLocaleName"", ""GetModuleFileNameA"", ""FindNextFileA"", ""SetEnvironmentVariableA"", ""LocalAlloc"", ""GetFileSizeEx"", ""SetFilePointer"", ""FindFirstFileA"", ""VirtualProtect"", ""GetLogicalProcessorInformationEx"", ""GetLastError"", ""MultiByteToWideChar"", ""GlobalFree"", ""WideCharToMultiByte"", ""TerminateProcess"", ""GetCurrentProcessId"", ""rstrtmgr.dll"", ""CreateCompatibleBitmap"", ""SelectObject"", ""BitBlt"", ""DeleteObject"", ""CreateCompatibleDC"", ""GdipGetImageEncodersSize"", ""GdipGetImageEncoders"", ""GdipCreateBitmapFromHBITMAP"", ""GdiplusStartup"", ""GdiplusShutdown"", ""GdipSaveImageToStream"", ""GdipDisposeImage"", ""GetHGlobalFromStream"", ""CreateStreamOnHGlobal"", ""CoUninitialize"", ""CoInitialize"", ""CoCreateInstance"", ""BCryptGenerateSymmetricKey"", ""BCryptCloseAlgorithmProvider"", ""BCryptDecrypt"", ""BCryptSetProperty"", 
""BCryptDestroyKey"", ""BCryptOpenAlgorithmProvider"", ""GetWindowRect"", ""GetDesktopWindow"", ""GetDC"", ""EnumDisplayDevicesA"", ""GetKeyboardLayoutList"", ""CharToOemW"", ""RegQueryValueExA"", ""RegEnumKeyExA"", ""RegOpenKeyExA"", ""RegEnumValueA"", ""CryptBinaryToStringA"", ""CryptUnprotectData"", ""SHGetFolderPathA"", ""InternetOpenUrlA"", ""InternetConnectA"", ""InternetCloseHandle"", ""InternetOpenA"", ""HttpSendRequestA"", ""HttpOpenRequestA"", ""InternetReadFile"", ""InternetCrackUrlA"", ""StrStrA"", ""PathMatchSpecA"", ""GetModuleFileNameExA"", ""RmStartSession"", ""RmRegisterResources"", ""RmEndSession"", ""sqlite3_open"", ""sqlite3_prepare_v2"", ""sqlite3_step"", ""sqlite3_column_text"", ""sqlite3_finalize"", ""sqlite3_close"", ""sqlite3_column_bytes"", ""sqlite3_column_blob"", ""encrypted_key"", ""PATH"", ""C:\\ProgramData\\nss3.dll"", ""NSS_Shutdown"", ""PK11_GetInternalKeySlot"", ""PK11_FreeSlot"", ""PK11_Authenticate"", ""PK11SDR_Decrypt"", ""C:\\ProgramData\\"", ""SELECT origin_url, username_value, password_value FROM logins"", ""Soft: "", ""Host: "", ""Login: "", ""Password: "", ""Opera"", ""OperaGX"", ""Network"", ""Cookies"", "".txt"", ""TRUE"", ""FALSE"", ""SELECT name, value FROM autofill"", ""History"", ""SELECT url FROM urls LIMIT 1000"", ""CC"", ""SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards"", ""Name: "", ""Month: "", ""Year: "", ""Card: "", ""Cookies"", ""Login Data"", ""History"", ""formSubmitURL"", ""usernameField"", ""encryptedUsername"", ""encryptedPassword"", ""guid"", ""SELECT host, isHttpOnly, path, isSecure, expiry, name, value FROM moz_cookies"", ""SELECT fieldname, value FROM moz_formhistory"", ""SELECT url FROM moz_places LIMIT 1000"", ""cookies[.]sqlite"", ""formhistory[.]sqlite"", ""places[.]sqlite"", ""Plugins"", ""Local Extension Settings"", ""Sync Extension Settings"", ""Opera Stable"", ""Opera GX Stable"", ""CURRENT"", ""chrome-extension_"", ""_0.indexeddb[.]leveldb"", 
""profiles[.]ini"", ""chrome"", ""opera"", ""firefox"", ""Wallets"", ""%08lX%04lX%lu"", ""SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"", ""x64"", ""%d/%d/%d %d:%d:%d"", ""HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0"", ""ProcessorNameString"", ""SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"", ""DisplayVersion"", ""msvcp140.dll"", ""softokn3.dll"", ""vcruntime140.dll"", ""\\Temp\\"", "".exe"", ""runas"", ""open"", ""%LOCALAPPDATA%"", ""%USERPROFILE%"", ""%PROGRAMFILES%"", ""%PROGRAMFILES_86%"", ""*.lnk"", ""Files"", ""\\Local Storage\\leveldb\\CURRENT"", ""\\Local Storage\\leveldb"", ""\\Telegram Desktop\\"", ""D877F783D5D3EF8C*"", ""map*"", ""A7FDF864FBC10B77*"", ""A92DAA6EA6F891F2*"", ""F8806DD0C461824F*"", ""Tox"", ""*.tox"", ""*.ini"", ""Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Office\\13.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Office\\14.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Office\u000e.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676\\"", ""\\Outlook\\accounts[.]txt"", ""Pidgin"", ""accounts[.]xml"", ""token: "", ""Software\\Valve\\Steam"", ""ssfn*"", ""config[.]vdf"", ""DialogConfig[.]vdf"", ""DialogConfigOverlay*.vdf"", ""libraryfolders[.]vdf"", ""loginusers[.]vdf"", ""\\Steam\\"", ""\\Discord\\tokens[.]txt"", ""/c timeout /t 5 & del /f /q \"""", ""\"" & del \""C:\\ProgramData\\*.dll\""\"" & exit"", ""C:\\Windows\\system32\\cmd.exe"", ""Content-Type: multipart/form-data; boundary=----"", ""Content-Disposition: form-data; name=\"""", ""build"", ""token"", ""message"", ""ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"", ""screenshot[.]jpg"", ""\u0004\u00004\u0000 
\u0000e\u0000*\u0000\u001a\u0000S\u0000^\u0000A\u0000*\u0000\u001e\u0000+\u0000\f\u0000T\u00002\u0000i\u0000"", ""\u0004\u00004\u0000 \u0000e\u0000\u0007\u0000\u001d\u0000S\u0000Z\u0000L\u0000'\u0000\u000b\u0000!\u0000\f\u0000M\u0000$\u0000n\u0000""], ""non_standard"": {""dead_drop"": [""hXXps://t[.]me/r2d0s"", ""hXXps://steamcommunity[.]com/profiles/76561199654112719""], ""version"": ""8.4""}}",hXXps://128[.]140.125.116,090efd65e3d48dcede34a8f086aea95f,
6dd66394b84e9e5696fe0b6c72825ecddb40d24707784c6d499398dee18cb50d,5dsadas435235bgdsgdfbvb3253453425345gfdsgfdgdf,3/26/2024,Rhadamanthys,NONE,,,
6e6c7b6870291847bb97423e17c9eee895d10f44ed6ab7093ee578d8d86fd606,DSE222peSpe,9/26/2024,AsyncRat,"{""c2"": [""null""], ""port"": [""null""], ""campaign"": ""MagoBR"", ""mutex"": ""5AWqwzqsp3Vj"", ""non_standard"": {""Version: "": ""0.5.8"", ""Install: "": ""false"", ""InstallFolder: "": ""%AppData%"", ""InstallFile: "": """", ""Key: "": ""Z0ZiVlAyUjVWV1BBRkM1b0VMME9KS05lTUsybGttQmY="", ""MTX: "": ""5AWqwzqsp3Vj"", ""Certificate: "": ""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"", ""ServerSignature: "": ""SlZBwjy8dE09NlEkVcrezEshiBIWJa/i65+y26KfaPK6aWNPuaq6xj1yopxAYxxjOz4It7RKxsq81LrHekuuLY05jQpkoFOGFNC1QRSzUvF9KL3+0Aug+s7RFBxx4YSMzM1Mx5VNEcPeaaLjinP84vFn56771AHwA7mlcyuBAxsVnM5++BSMizs2eoy5Q856iLvhKqVTO6/Yi58fccNxPURieip4bQbxytCwZS9rOX3PqjPqXVazXMNuwxJA3ackfCdPZdEW83upFrAxri76tXZvIP4ONYTJLnXvyFMy9QkULKJl6fdNFZjxWkSSlX+J8E/q4lS6Rz1SodegniC6UgUwdZ5n58ZiiPp8VRtXNtx8JmHDXNh+JjPl5Ol1wtW5M1OtyqM00WHoLONDVPf82bX6A764NS7ozG6oCL+saXZmGhylb4AovPwMOt3i4CEAWBTk7KuU0VmEolRtpnB3qd19svBTeGXVZO1omdNKvpwaeIhQoVckmvPnTlPIqOpsqjcxcINsA+ZWVSVX+Z0OxO6p40UWThLuSrsYhGHax6iq59oa+SK8qt1vcjqVazHIEps39rL7OUAULbekrujwAAYdtfQifaw5jEKfTenqSbNe+a1xKBIOERph6eIErJBh0kxOayL3Q9gZbqtuYzDefV2pHQ6XJ6h8zyxkgYnl7xg="", ""Anti: "": ""false"", ""Pastebin: "": ""hXXp://91[.]202.233.181/any"", ""BDOS: "": ""true"", ""Hwid: "": 0, ""Delay: "": ""3"", ""Group: "": ""MagoBR""}}",hXXp://91[.]202.233.181/any,MagoBR,5AWqwzqsp3Vj
6e9fa11b15e70c30b55369e69a64e96283d47476a0ff6f59c1daf079208b9401,Aug 11guAgu,8/10/2024,Vidar,"{""c2"": [""hXXps://195[.]201.118.191""], ""port"": [], ""campaign"": ""e4c95706ca9ca1f557526e6bb6442743"", ""mutex"": """", ""Strings"": [""INSERT_KEY_HERE"", ""GetProcAddress"", ""LoadLibraryA"", ""lstrcatA"", ""OpenEventA"", ""CreateEventA"", ""CloseHandle"", ""Sleep"", ""GetUserDefaultLangID"", ""VirtualAllocExNuma"", ""VirtualFree"", ""GetSystemInfo"", ""VirtualAlloc"", ""HeapAlloc"", ""GetComputerNameA"", ""lstrcpyA"", ""GetProcessHeap"", ""GetCurrentProcess"", ""lstrlenA"", ""ExitProcess"", ""GlobalMemoryStatusEx"", ""GetSystemTime"", ""SystemTimeToFileTime"", ""advapi32.dll"", ""gdi32.dll"", ""user32.dll"", ""crypt32.dll"", ""ntdll.dll"", ""GetUserNameA"", ""CreateDCA"", ""GetDeviceCaps"", ""CryptStringToBinaryA"", ""sscanf"", ""NtQueryInformationProcess"", ""VMwareVMware"", ""HAL9TH"", ""JohnDoe"", ""DISPLAY"", ""%hu/%hu/%hu"", ""GetEnvironmentVariableA"", ""GetFileAttributesA"", ""GlobalLock"", ""HeapFree"", ""GetFileSize"", ""GlobalSize"", ""CreateToolhelp32Snapshot"", ""IsWow64Process"", ""Process32Next"", ""GetLocalTime"", ""FreeLibrary"", ""GetTimeZoneInformation"", ""GetSystemPowerStatus"", ""GetVolumeInformationA"", ""GetWindowsDirectoryA"", ""Process32First"", ""GetLocaleInfoA"", ""GetUserDefaultLocaleName"", ""GetModuleFileNameA"", ""DeleteFileA"", ""FindNextFileA"", ""LocalFree"", ""FindClose"", ""SetEnvironmentVariableA"", ""LocalAlloc"", ""GetFileSizeEx"", ""ReadFile"", ""SetFilePointer"", ""WriteFile"", ""CreateFileA"", ""FindFirstFileA"", ""VirtualProtect"", ""GetLogicalProcessorInformationEx"", ""GetLastError"", ""lstrcpynA"", ""MultiByteToWideChar"", ""GlobalFree"", ""WideCharToMultiByte"", ""GlobalAlloc"", ""OpenProcess"", ""TerminateProcess"", ""GetCurrentProcessId"", ""gdiplus.dll"", ""ole32.dll"", ""bcrypt.dll"", ""wininet.dll"", ""shlwapi.dll"", ""shell32.dll"", ""psapi.dll"", ""rstrtmgr.dll"", ""CreateCompatibleBitmap"", ""SelectObject"", 
""BitBlt"", ""DeleteObject"", ""CreateCompatibleDC"", ""GdipGetImageEncodersSize"", ""GdipGetImageEncoders"", ""GdipCreateBitmapFromHBITMAP"", ""GdiplusStartup"", ""GdiplusShutdown"", ""GdipSaveImageToStream"", ""GdipDisposeImage"", ""GdipFree"", ""GetHGlobalFromStream"", ""CreateStreamOnHGlobal"", ""CoUninitialize"", ""CoInitialize"", ""CoCreateInstance"", ""BCryptGenerateSymmetricKey"", ""BCryptCloseAlgorithmProvider"", ""BCryptDecrypt"", ""BCryptSetProperty"", ""BCryptDestroyKey"", ""BCryptOpenAlgorithmProvider"", ""GetWindowRect"", ""GetDesktopWindow"", ""GetDC"", ""wsprintfA"", ""EnumDisplayDevicesA"", ""GetKeyboardLayoutList"", ""CharToOemW"", ""wsprintfW"", ""RegQueryValueExA"", ""RegEnumKeyExA"", ""RegOpenKeyExA"", ""RegCloseKey"", ""RegEnumValueA"", ""CryptBinaryToStringA"", ""CryptUnprotectData"", ""SHGetFolderPathA"", ""ShellExecuteExA"", ""InternetOpenUrlA"", ""InternetConnectA"", ""InternetCloseHandle"", ""InternetOpenA"", ""HttpSendRequestA"", ""HttpOpenRequestA"", ""InternetReadFile"", ""InternetCrackUrlA"", ""StrCmpCA"", ""StrStrA"", ""StrCmpCW"", ""PathMatchSpecA"", ""GetModuleFileNameExA"", ""RmStartSession"", ""RmRegisterResources"", ""RmGetList"", ""RmEndSession"", ""sqlite3_open"", ""sqlite3_prepare_v2"", ""sqlite3_step"", ""sqlite3_column_text"", ""sqlite3_finalize"", ""sqlite3_close"", ""sqlite3_column_bytes"", ""sqlite3_column_blob"", ""encrypted_key"", ""PATH"", ""C:\\ProgramData\\nss3.dll"", ""NSS_Init"", ""NSS_Shutdown"", ""PK11_GetInternalKeySlot"", ""PK11_FreeSlot"", ""PK11SDR_Decrypt"", ""C:\\ProgramData\\"", ""SELECT origin_url, username_value, password_value FROM logins"", ""Soft: "", ""profile: "", ""Host: "", ""Login: "", ""Password: "", ""Opera"", ""OperaGX"", ""Network"", ""Cookies"", "".txt"", ""SELECT HOST_KEY, is_httponly, path, is_secure, (expires_utc/1000000)-11644480800, name, encrypted_value from cookies"", ""TRUE"", ""FALSE"", ""Autofill"", ""SELECT name, value FROM autofill"", ""History"", ""SELECT url FROM urls LIMIT 
1000"", ""CC"", ""SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards"", ""Name: "", ""Month: "", ""Year: "", ""Card: "", ""Cookies"", ""Login Data"", ""Web Data"", ""History"", ""logins[.]json"", ""formSubmitURL"", ""usernameField"", ""encryptedUsername"", ""encryptedPassword"", ""guid"", ""SELECT host, isHttpOnly, path, isSecure, expiry, name, value FROM moz_cookies"", ""SELECT fieldname, value FROM moz_formhistory"", ""SELECT url FROM moz_places LIMIT 1000"", ""cookies[.]sqlite"", ""formhistory[.]sqlite"", ""places[.]sqlite"", ""Plugins"", ""Local Extension Settings"", ""Sync Extension Settings"", ""IndexedDB"", ""Opera GX Stable"", ""CURRENT"", ""chrome-extension_"", ""_0.indexeddb[.]leveldb"", ""Local State"", ""profiles[.]ini"", ""chrome"", ""opera"", ""firefox"", ""Wallets"", ""%08lX%04lX%lu"", ""SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"", ""ProductName"", ""x32"", ""x64"", ""%d/%d/%d %d:%d:%d"", ""HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0"", ""ProcessorNameString"", ""SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"", ""DisplayName"", ""DisplayVersion"", ""freebl3.dll"", ""mozglue.dll"", ""msvcp140.dll"", ""nss3.dll"", ""softokn3.dll"", ""vcruntime140.dll"", ""\\Temp\\"", "".exe"", ""runas"", ""open"", ""/c start "", ""%DESKTOP%"", ""%APPDATA%"", ""%LOCALAPPDATA%"", ""%USERPROFILE%"", ""%DOCUMENTS%"", ""%PROGRAMFILES%"", ""%PROGRAMFILES_86%"", ""%RECENT%"", ""*.lnk"", ""Files"", ""\\discord\\"", ""\\Local Storage\\leveldb\\CURRENT"", ""\\Local Storage\\leveldb"", ""\\Telegram Desktop\\"", ""D877F783D5D3EF8C*"", ""map*"", ""A7FDF864FBC10B77*"", ""A92DAA6EA6F891F2*"", ""F8806DD0C461824F*"", ""Telegram"", ""Tox"", ""*.tox"", ""*.ini"", ""Password"", ""Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Office\\13.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", 
""Software\\Microsoft\\Office\\14.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Office\r.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Office\u000e.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676\\"", ""00000001"", ""00000002"", ""00000003"", ""00000004"", ""\\Outlook\\accounts[.]txt"", ""Pidgin"", ""\\.purple\\"", ""accounts[.]xml"", ""dQw4w9WgXcQ"", ""token: "", ""Software\\Valve\\Steam"", ""SteamPath"", ""\\config\\"", ""ssfn*"", ""config[.]vdf"", ""DialogConfig[.]vdf"", ""DialogConfigOverlay*.vdf"", ""libraryfolders[.]vdf"", ""loginusers[.]vdf"", ""\\Steam\\"", ""sqlite3.dll"", ""browsers"", ""done"", ""Soft"", ""\\Discord\\tokens[.]txt"", ""/c timeout /t 5 & del /f /q \"""", ""\"" & del \""C:\\ProgramData\\*.dll\""\"" & exit"", ""C:\\Windows\\system32\\cmd.exe"", ""https"", ""Content-Type: multipart/form-data; boundary=----"", ""HTTP/1.1"", ""Content-Disposition: form-data; name=\"""", ""hwid"", ""build"", ""token"", ""file_name"", ""file"", ""message"", ""ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"", ""screenshot[.]jpg""], ""non_standard"": {""dead_drop"": [""hXXps://t[.]me/pech0nk"", ""hXXps://steamcommunity[.]com/profiles/76561199751190313""], ""version"": ""10.7""}}",hXXps://195[.]201.118.191,e4c95706ca9ca1f557526e6bb6442743,
6f18b851eb475096072b9a3eefd392cb2f9f6f2f8f7f7ba90606ebda1a6a3f36,Aug111guAgu,8/18/2024,XWorm,"{""c2"": [""stronglife.zapto[.]org""], ""port"": [""7001""], ""campaign"": """", ""mutex"": ""lzUvENEdwcoW1QP4"", ""non_standard"": {""KEY"": ""<123456789>"", ""SPL"": ""<Xwormmm>"", ""Sleep"": ""3"", ""Groub"": ""XWorm V5.7"", ""USBNM"": ""USB.exe"", ""InstallDir"": ""%AppData%"", ""InstallStr"": ""xvhost.exe"", ""mutex"": ""lzUvENEdwcoW1QP4""}}",stronglife.zapto[.]org,,lzUvENEdwcoW1QP4
6f4774324d33fab7b2ed9ddd09d417a2a4a44f65510c8504307810d63a3e1078,ExDCE voNvo,11/2/2024,Vidar,"{""c2"": [""hXXps://tougn[.]website"", ""hXXps://95[.]217.28.72""], ""port"": [], ""campaign"": """", ""mutex"": """", ""Strings"": [], ""non_standard"": {""dead_drop"": [""hXXps://steamcommunity[.]com/profiles/76561199794498376"", ""http://localhost:9223/json"", ""hXXps://t[.]me/asg7rd""]}}","hXXps://tougn[.]website,hXXps://95[.]217.28.72",,
707d9cf7b6c65e87d3b3d656f9643371b5ff629db8bac714a252c41988b83306,D=ABKJ>MC@M,10/19/2024,HeartCrypt Developer Test Sample,NONE,,,
7167bf5b03b02439900fe494f21ecaa00127e039e5f43c2814882c9b543b61fd,OopPS1tcOtc,10/18/2024,Remcos,"{""c2"": [""dcfdsfde.ydns[.]eu:1991""], ""port"": [], ""campaign"": ""AMITRER"", ""mutex"": ""Rmc-7V7PAI"", ""non_standard"": {""c2_list"": ""dcfdsfde.ydns[.]eu:1991:1\u001e"", ""botnet"": ""AMITRER"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-7V7PAI"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 1, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""52FAB4ABA90AF6988E653D18FACD533A"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICEEXRPyHAU+i0XClFtLLozd0wCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgzAKBggqhkjOPQQDAgNIADBFAiBUcWvaxuUnpbxlhTmWEcnNtczlEXkRbUYoYCN+2VEZ1AIhALym5a5Ib2YXMN1rGi3FQzTjiXDMfTh6IufwChk8n/N9"", ""tls_key"": ""MHcCAQEEILUsPsd+8u6gorQ6vplb6DQet9vOAwT8PHYYn7RI4380oAoGCCqGSM49AwEHoUQDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgw=="", ""tls_raw_peer_certificate"": ""MIIBADCBpqADAgECAhA1EEVwbinJOEquCzdLDyBzMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBDpkDyifvMvFU5G4T3X4NPgXSbjGygT9OXvKUN63IttHTejMFBes+ICPd+lF2i9ExWAYDh5oBbrexLrzNGdz3swCgYIKoZIzj0EAwIDSQAwRgIhAPHte18FxAxdCBRRd8kvfkylLF5k+QOnpkoeqXwRtdOWAiEA00CVbIQ6r4v8EeB0rQ5nIFgk+SYWWjNa+B3sBZoNlzY=""}}",dcfdsfde.ydns[.]eu:1991,AMITRER,Rmc-7V7PAI
71fc81dacb3b48b07278fb1b7eb71fbb7526354cc784b9ffa76b626a4d50a11d,MENOLOVECROWDSTRIKE,5/13/2024,LummaStealer,"{""c2"": [""smallelementyjdui[.]shop"", ""prideconstituiiosjk[.]shop"", ""minorittyeffeoos[.]shop"", ""appetitesallooonsj[.]shop"", ""headraisepresidensu[.]shop"", ""tendencyportionjsuk[.]shop"", ""lineagelasserytailsd[.]shop"", ""sofaprivateawarderysj[.]shop"", ""wastwfulldashiwnjs[.]shop""], ""port"": [], ""campaign"": ""JNrMLk--mypro"", ""mutex"": """", ""non_standard"": {}}","smallelementyjdui[.]shop,prideconstituiiosjk[.]shop,minorittyeffeoos[.]shop,appetitesallooonsj[.]shop,headraisepresidensu[.]shop,tendencyportionjsuk[.]shop,lineagelasserytailsd[.]shop,sofaprivateawarderysj[.]shop,wastwfulldashiwnjs[.]shop",JNrMLk--mypro,
74554ddbee138be6723c9e2808d22525cfbcdb4450e712935073ef29dcf426a3,ACXNSGNADS,6/28/2024,Rhadamanthys,NONE,,,
745bb1bf24225162b5d44873f99807f1f9a90ee34d71e2af0104e6accd6b2d8e,ACXNTGGCXTL,7/18/2024,Rhadamanthys,NONE,,,
749e45ffd6abdd0c7e9217242d20c486c84527759548420cbe66f9ad0445e9fa,CFEAE1tcOtc,10/10/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""NewEra08.casacam[.]net""], ""port"": [""8851""], ""campaign"": ""New-Era10"", ""mutex"": ""DcRatMutex_qwqdanchun"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""Wjk2cW9vSGxneGtZRnBLRnFmelJZOVBaR1ZuaXVOTGY="", ""MTX"": ""DcRatMutex_qwqdanchun"", ""Certifi_cate"": ""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"", ""Server_signa_ture"": ""Y290t/J3Af3K6Z3skSku2ZW45u9TYoNDLeeIiGZcIiZi4Fuvw/L3tJhpvVMjzaUdVNdWGn01MirZ4BsH4I0Ty2cweTRgLfiUbsa7IohCr/Lc/dWTdmqYLfgGpqx+XAuEqFmgBeklECSNIcLx7oEhY/yhO9LBRxHCfgL8RYdpYgY="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""New-Era10"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",NewEra08.casacam[.]net,New-Era10,DcRatMutex_qwqdanchun
76d79d6ed1c7aacb7c6fce4136a67d3495c99bfca3f2eb03678c277263dba74c,dGGxS1tcOtc,10/20/2024,Vidar,"{""c2"": [""hXXps://116[.]203.153.40"", ""hXXps://95[.]217.220.103""], ""port"": [], ""campaign"": """", ""mutex"": """", ""Strings"": [], ""non_standard"": {""dead_drop"": [""hXXps://t[.]me/lpnjoke"", ""hXXps://steamcommunity[.]com/profiles/76561199786602107""]}}","hXXps://116[.]203.153.40,hXXps://95[.]217.220.103",,
777892a4b1b38fb5895f899e08b10c32ffb55cda03615d8e1844b22c002da446,GGGSADEFFTL,7/17/2024,Remcos,"{""c2"": [""mfjnfijndifsiisihddd.con-ip[.]com:1668""], ""port"": [], ""campaign"": ""GASTOS"", ""mutex"": ""Rmc-X32CEK"", ""non_standard"": {""c2_list"": ""mfjnfijndifsiisihddd.con-ip[.]com:1668:1\u001e"", ""botnet"": ""GASTOS"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-X32CEK"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""375BA8DEF4E675D2DC93336E56DE93F1"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICEEXRPyHAU+i0XClFtLLozd0wCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgzAKBggqhkjOPQQDAgNIADBFAiBUcWvaxuUnpbxlhTmWEcnNtczlEXkRbUYoYCN+2VEZ1AIhALym5a5Ib2YXMN1rGi3FQzTjiXDMfTh6IufwChk8n/N9"", ""tls_key"": ""MHcCAQEEILUsPsd+8u6gorQ6vplb6DQet9vOAwT8PHYYn7RI4380oAoGCCqGSM49AwEHoUQDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgw=="", ""tls_raw_peer_certificate"": ""MIIBADCBpqADAgECAhA1EEVwbinJOEquCzdLDyBzMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBDpkDyifvMvFU5G4T3X4NPgXSbjGygT9OXvKUN63IttHTejMFBes+ICPd+lF2i9ExWAYDh5oBbrexLrzNGdz3swCgYIKoZIzj0EAwIDSQAwRgIhAPHte18FxAxdCBRRd8kvfkylLF5k+QOnpkoeqXwRtdOWAiEA00CVbIQ6r4v8EeB0rQ5nIFgk+SYWWjNa+B3sBZoNlzY=""}}",mfjnfijndifsiisihddd.con-ip[.]com:1668,GASTOS,Rmc-X32CEK
77ffb29827c2e94dd69821c3cd1eb74866b597a530fdff94c0a88cbbe7bc6642,GGXGTGGCXTL,7/13/2024,HeartCrypt Developer Test Sample,NONE,,,
794c5c420ebee929b7815025fff40b48d7f8981fadaa578dc522f95f30144e61,Sep222peSpe,9/25/2024,Rhadamanthys,NONE,,,
7a07116fe66c2288abd5511f09b30da56b11a2fff49bc9c2efe793b6b8342ff5,CROWDSTRIKE,4/24/2024,LummaStealer,"{""c2"": [""demonstationfukewko[.]shop"", ""liabilitynighstjsko[.]shop"", ""alcojoldwograpciw[.]shop"", ""incredibleextedwj[.]shop"", ""shortsvelventysjo[.]shop"", ""shatterbreathepsw[.]shop"", ""tolerateilusidjukl[.]shop"", ""productivelookewr[.]shop"", ""tolerateilusidjukl[.]shop""], ""port"": [], ""campaign"": ""uXXBlb--porsche911"", ""mutex"": """", ""non_standard"": {}}","demonstationfukewko[.]shop,liabilitynighstjsko[.]shop,alcojoldwograpciw[.]shop,incredibleextedwj[.]shop,shortsvelventysjo[.]shop,shatterbreathepsw[.]shop,tolerateilusidjukl[.]shop,productivelookewr[.]shop,tolerateilusidjukl[.]shop",uXXBlb--porsche911,
7aa4e2b65495e6e77069a6c211fab7a64db0373ff2c6492fa0177f5edce43389,CROWDSTRIKE,4/22/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""reverseproxy.con-ip[.]com""], ""port"": [""4001""], ""campaign"": ""ZCENTIMO-22--2024"", ""mutex"": ""DcRatMutex_qwqdanchun"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""SkxHVHJKcElpekJ1OG5Pb1JsTHVETnUyZUxScHdaTjI="", ""MTX"": ""DcRatMutex_qwqdanchun"", ""Certifi_cate"": ""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"", ""Server_signa_ture"": ""I4nApmwQVbhBQPKclyOaUdVmHfxMtYVi5++uisSmqe94oENRNllocTf5QpMtJdYfPwiOzBkgrs5Xk3ieh7K/QlbzDrNUJ0iU2Pz996okUyz8LqGckTfNtrdI5DY7AMe13WTys68o+wn3+C0N+j49pwO0ZqQs21iEiAxp5NPY3zU="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""ZCENTIMO-22--2024"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",reverseproxy.con-ip[.]com,ZCENTIMO-22--2024,DcRatMutex_qwqdanchun
7ce13f8eff2d3bc5aedbb0b624b9aef6ae0e0391414d5c345b0d2db139290787,5dsadas435235bgdsgdfbvb3253453425345gfdsgfdgdf,2/13/2024,Remcos,"{""c2"": [""127[.]0.0.1:2404""], ""port"": [], ""campaign"": ""RemoteHost"", ""mutex"": ""Rmc-52SPIJ"", ""non_standard"": {""c2_list"": ""127[.]0.0.1:2404:1\u001e"", ""botnet"": ""RemoteHost"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-52SPIJ"", ""keylogger_mode"": 0, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 2, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": """", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICECyq0dC6qQr+Hv2V9QM3uqcwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdrdLQy42Mpn3IIYRJ2M3+yF21CLyLrOnzJYt9pkS9tD25/19cz99/hh6XbCh/X6lkduGZSLQOrKNIRElI58SZTAKBggqhkjOPQQDAgNIADBFAiEAsNMXIJvWxp997X+wkfoZ+aNRQ/F+y4UKwth7Vn9PPnsCIEy6sU5zohMDu7YRBxvrBk12twTKU7msOfRjcZPv8XLQ"", ""tls_key"": ""MHcCAQEEIPh5Cln/kkGKIQHHvBEywdytsvdqHkePDPk5Ud/t9sAJoAoGCCqGSM49AwEHoUQDQgAEdrdLQy42Mpn3IIYRJ2M3+yF21CLyLrOnzJYt9pkS9tD25/19cz99/hh6XbCh/X6lkduGZSLQOrKNIRElI58SZQ=="", ""tls_raw_peer_certificate"": ""MIH+MIGmoAMCAQICEG3vLiwgsA2EwhiaFtqI9IQwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwP4wsetvUB9BVeB5KGkhFjJJoBjHvOcr3civBrd7vSVCfdzC45I1JUkFbE/V0Cvr3Srw9Govd0OBlmaqWZM0ZjAKBggqhkjOPQQDAgNHADBEAiA+k1x/mgOuo3xlHJ81zNOx/7FqyAa+NzPTyQQOJVWDcAIgNOovDbZqGlCN19pFZjYwqJecVDlCfKe+1zDwKfkvYmw=""}}",127[.]0.0.1:2404,RemoteHost,Rmc-52SPIJ
7d2f6124a32252c6dd8b98e100d57a04d13624efc68bb55a5ff31c4587eceb45,Edwardsigunecia,6/10/2024,Vidar,"{""c2"": [""hXXps://95[.]217.135.112""], ""port"": [], ""campaign"": ""751e57280863e817fc9be2ebcbefab43"", ""mutex"": """", ""Strings"": [""GetProcAddress"", ""LoadLibraryA"", ""lstrcatA"", ""OpenEventA"", ""CreateEventA"", ""CloseHandle"", ""Sleep"", ""GetUserDefaultLangID"", ""VirtualAllocExNuma"", ""VirtualFree"", ""GetSystemInfo"", ""VirtualAlloc"", ""HeapAlloc"", ""GetComputerNameA"", ""lstrcpyA"", ""GetProcessHeap"", ""GetCurrentProcess"", ""lstrlenA"", ""ExitProcess"", ""GlobalMemoryStatusEx"", ""GetSystemTime"", ""SystemTimeToFileTime"", ""advapi32.dll"", ""gdi32.dll"", ""user32.dll"", ""crypt32.dll"", ""ntdll.dll"", ""GetUserNameA"", ""CreateDCA"", ""GetDeviceCaps"", ""ReleaseDC"", ""CryptStringToBinaryA"", ""sscanf"", ""NtQueryInformationProcess"", ""VMwareVMware"", ""HAL9TH"", ""JohnDoe"", ""DISPLAY"", ""%hu/%hu/%hu"", ""GetEnvironmentVariableA"", ""GetFileAttributesA"", ""GlobalLock"", ""HeapFree"", ""GetFileSize"", ""GlobalSize"", ""CreateToolhelp32Snapshot"", ""IsWow64Process"", ""Process32Next"", ""GetLocalTime"", ""FreeLibrary"", ""GetTimeZoneInformation"", ""GetSystemPowerStatus"", ""GetVolumeInformationA"", ""GetWindowsDirectoryA"", ""Process32First"", ""GetLocaleInfoA"", ""GetUserDefaultLocaleName"", ""GetModuleFileNameA"", ""DeleteFileA"", ""FindNextFileA"", ""LocalFree"", ""FindClose"", ""SetEnvironmentVariableA"", ""LocalAlloc"", ""GetFileSizeEx"", ""ReadFile"", ""SetFilePointer"", ""WriteFile"", ""CreateFileA"", ""FindFirstFileA"", ""CopyFileA"", ""VirtualProtect"", ""GetLogicalProcessorInformationEx"", ""GetLastError"", ""lstrcpynA"", ""MultiByteToWideChar"", ""GlobalFree"", ""WideCharToMultiByte"", ""GlobalAlloc"", ""OpenProcess"", ""TerminateProcess"", ""GetCurrentProcessId"", ""gdiplus.dll"", ""ole32.dll"", ""bcrypt.dll"", ""wininet.dll"", ""shlwapi.dll"", ""shell32.dll"", ""psapi.dll"", ""rstrtmgr.dll"", ""CreateCompatibleBitmap"", 
""SelectObject"", ""BitBlt"", ""DeleteObject"", ""CreateCompatibleDC"", ""GdipGetImageEncodersSize"", ""GdipGetImageEncoders"", ""GdipCreateBitmapFromHBITMAP"", ""GdiplusStartup"", ""GdiplusShutdown"", ""GdipSaveImageToStream"", ""GdipDisposeImage"", ""GdipFree"", ""GetHGlobalFromStream"", ""CreateStreamOnHGlobal"", ""CoUninitialize"", ""CoInitialize"", ""CoCreateInstance"", ""BCryptGenerateSymmetricKey"", ""BCryptCloseAlgorithmProvider"", ""BCryptDecrypt"", ""BCryptSetProperty"", ""BCryptDestroyKey"", ""BCryptOpenAlgorithmProvider"", ""GetWindowRect"", ""GetDesktopWindow"", ""GetDC"", ""CloseWindow"", ""wsprintfA"", ""EnumDisplayDevicesA"", ""GetKeyboardLayoutList"", ""CharToOemW"", ""wsprintfW"", ""RegQueryValueExA"", ""RegEnumKeyExA"", ""RegOpenKeyExA"", ""RegCloseKey"", ""RegEnumValueA"", ""CryptBinaryToStringA"", ""CryptUnprotectData"", ""SHGetFolderPathA"", ""ShellExecuteExA"", ""InternetOpenUrlA"", ""InternetConnectA"", ""InternetCloseHandle"", ""InternetOpenA"", ""HttpSendRequestA"", ""HttpOpenRequestA"", ""InternetReadFile"", ""InternetCrackUrlA"", ""StrCmpCA"", ""StrStrA"", ""StrCmpCW"", ""PathMatchSpecA"", ""GetModuleFileNameExA"", ""RmStartSession"", ""RmRegisterResources"", ""RmGetList"", ""RmEndSession"", ""sqlite3_open"", ""sqlite3_prepare_v2"", ""sqlite3_step"", ""sqlite3_column_text"", ""sqlite3_finalize"", ""sqlite3_close"", ""sqlite3_column_bytes"", ""sqlite3_column_blob"", ""encrypted_key"", ""PATH"", ""C:\\\\ProgramData\\\\nss3.dll"", ""NSS_Init"", ""NSS_Shutdown"", ""PK11_GetInternalKeySlot"", ""PK11_FreeSlot"", ""PK11_Authenticate"", ""PK11SDR_Decrypt"", ""C:\\\\ProgramData\\\\"", ""SELECT origin_url, username_value, password_value FROM logins"", ""Soft: "", ""profile: "", ""Host: "", ""Login: "", ""Password: "", ""Opera"", ""OperaGX"", ""Network"", ""Cookies"", "".txt"", ""TRUE"", ""SELECT HOST_KEY, is_httponly, path, is_secure, (expires_utc/1000000)-11644480800, name, encrypted_value from cookies"", ""FALSE"", ""Autofill"", ""SELECT name, 
value FROM autofill"", ""History"", ""SELECT url FROM urls LIMIT 1000"", ""CC"", ""Name: "", ""SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards"", ""Month: "", ""Year: "", ""Card: "", ""Cookies"", ""Login Data"", ""Web Data"", ""History"", ""logins[.]json"", ""formSubmitURL"", ""usernameField"", ""encryptedUsername"", ""encryptedPassword"", ""guid"", ""SELECT host, isHttpOnly, path, isSecure, expiry, name, value FROM moz_cookies"", ""SELECT fieldname, value FROM moz_formhistory"", ""SELECT url FROM moz_places LIMIT 1000"", ""cookies[.]sqlite"", ""formhistory[.]sqlite"", ""places[.]sqlite"", ""Plugins"", ""Local Extension Settings"", ""Sync Extension Settings"", ""IndexedDB"", ""Opera Stable"", ""Opera GX Stable"", ""CURRENT"", ""chrome-extension_"", ""_0.indexeddb[.]leveldb"", ""Local State"", ""profiles[.]ini"", ""chrome"", ""opera"", ""firefox"", ""Wallets"", ""%08lX%04lX%lu"", ""SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion"", ""ProductName"", ""x32"", ""x64"", ""%d/%d/%d %d:%d:%d"", ""DisplayName"", ""HARDWARE\\\\DESCRIPTION\\\\System\\\\CentralProcessor\\\\0"", ""ProcessorNameString"", ""SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall"", ""DisplayVersion"", ""freebl3.dll"", ""mozglue.dll"", ""msvcp140.dll"", ""nss3.dll"", ""softokn3.dll"", ""vcruntime140.dll"", ""\\\\Temp\\\\"", "".exe"", ""runas"", ""open"", ""/c start "", ""%DESKTOP%"", ""%APPDATA%"", ""%LOCALAPPDATA%"", ""%USERPROFILE%"", ""%DOCUMENTS%"", ""%PROGRAMFILES%"", ""%PROGRAMFILES_86%"", ""%RECENT%"", ""*.lnk"", ""Files"", ""\\\\discord\\\\"", ""\\\\Local Storage\\\\leveldb\\\\CURRENT"", ""\\\\Local Storage\\\\leveldb"", ""\\\\Telegram Desktop\\\\"", ""key_datas"", ""D877F783D5D3EF8C*"", ""map*"", ""A7FDF864FBC10B77*"", ""A92DAA6EA6F891F2*"", ""F8806DD0C461824F*"", ""Telegram"", ""Tox"", ""*.tox"", ""*.ini"", ""Password"", ""\\\\Outlook\\\\accounts[.]txt"", ""Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Windows 
Messaging Subsystem\\\\Profiles\\\\Outlook\\\\9375CFF0413111d3B88A00104B2A6676\\\\"", ""Pidgin"", ""Software\\\\Microsoft\\\\Office\\\\13.0\\\\Outlook\\\\Profiles\\\\Outlook\\\\9375CFF0413111d3B88A00104B2A6676\\\\"", ""Software\\\\Microsoft\\\\Office\\\\14.0\\\\Outlook\\\\Profiles\\\\Outlook\\\\9375CFF0413111d3B88A00104B2A6676\\\\"", ""Software\\\\Microsoft\\\\Office\\15.0\\\\Outlook\\\\Profiles\\\\Outlook\\\\9375CFF0413111d3B88A00104B2A6676\\\\"", ""\\\\.purple\\\\"", ""Software\\\\Microsoft\\\\Office\\16.0\\\\Outlook\\\\Profiles\\\\Outlook\\\\9375CFF0413111d3B88A00104B2A6676\\\\"", ""accounts[.]xml"", ""Software\\\\Microsoft\\\\Windows Messaging Subsystem\\\\Profiles\\\\9375CFF0413111d3B88A00104B2A6676\\\\"", ""00000001"", ""00000002"", ""00000003"", ""00000004"", ""dQw4w9WgXcQ"", ""token: "", ""Software\\\\Valve\\\\Steam"", ""SteamPath"", ""\\\\config\\\\"", ""ssfn*"", ""config[.]vdf"", ""DialogConfig[.]vdf"", ""DialogConfigOverlay*.vdf"", ""libraryfolders[.]vdf"", ""loginusers[.]vdf"", ""\\\\Steam\\\\"", ""sqlite3.dll"", ""browsers"", ""done"", ""Soft"", ""\\\\Discord\\\\tokens[.]txt"", ""/c timeout /t 5 & del /f /q \"""", ""\"" & del \""C:\\\\ProgramData\\\\*.dll\""\"" & exit"", ""C:\\\\Windows\\\\system32\\\\cmd.exe"", ""https"", ""Content-Type: multipart/form-data; boundary=----"", ""POST"", ""HTTP/1.1"", ""Content-Disposition: form-data; name=\"""", ""hwid"", ""build"", ""token"", ""file_name"", ""file"", ""message"", ""ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"", ""screenshot[.]jpg"", ""uh]"", ""uh]""], ""non_standard"": {""dead_drop"": [""hXXps://steamcommunity[.]com/profiles/76561199698764354"", ""hXXps://t[.]me/r8z0l""], ""version"": ""10""}}",hXXps://95[.]217.135.112,751e57280863e817fc9be2ebcbefab43,
7d597bb449c2f24194319179e51fcaf3cdcbb0464319c113e233a7b9eda3e57a,DSE222peSpe,9/21/2024,LummaStealer,"{""c2"": [""carrtychaintnyw[.]shop"", ""quotamkdsdqo[.]shop"", ""milldymarskwom[.]shop"", ""metallygaricwo[.]shop"", ""opponnentduei[.]shop"", ""puredoffustow[.]shop"", ""achievenmtynwjq[.]shop"", ""chickerkuso[.]shop"", ""aviatiiitwinq[.]shop""], ""port"": [], ""campaign"": ""YT6gHy--"", ""mutex"": """", ""non_standard"": {}}","carrtychaintnyw[.]shop,quotamkdsdqo[.]shop,milldymarskwom[.]shop,metallygaricwo[.]shop,opponnentduei[.]shop,puredoffustow[.]shop,achievenmtynwjq[.]shop,chickerkuso[.]shop,aviatiiitwinq[.]shop",YT6gHy--,
7d5c2be07e27f1ee25850b537337e520f823b1cddc2acbf22c4fe01f3a94b8df,gasgff34534c,8/28/2024,HeartCrypt Developer Test Sample,NONE,,,
7e3015b04d355414d86c2a2124380d31d5f11b7b5996acb081b6f8a8fca0ee45,CFEAE1tcOtc,10/12/2024,LummaStealer,"{""c2"": [""drawwyobstacw[.]sbs"", ""condifendteu[.]sbs"", ""ehticsprocw[.]sbs"", ""vennurviot[.]sbs"", ""resinedyw[.]sbs"", ""enlargkiw[.]sbs"", ""allocatinow[.]sbs"", ""mathcucom[.]sbs"", ""resinedyw[.]sbs""], ""port"": [], ""campaign"": ""sG8pjw--MagooBR"", ""mutex"": """", ""non_standard"": {}}","drawwyobstacw[.]sbs,condifendteu[.]sbs,ehticsprocw[.]sbs,vennurviot[.]sbs,resinedyw[.]sbs,enlargkiw[.]sbs,allocatinow[.]sbs,mathcucom[.]sbs,resinedyw[.]sbs",sG8pjw--MagooBR,
7f23b1ad84caae1102f06614550b1911691445ed7ffd1790208984fc5c37d441,dEaCE2tcOtc,10/23/2024,Remcos,"{""c2"": [""blees7.duckdns[.]org:7770""], ""port"": [], ""campaign"": ""BLESS"", ""mutex"": ""Rmc-T4LH1H"", ""non_standard"": {""c2_list"": ""blees7.duckdns[.]org:7770:1\u001e"", ""botnet"": ""BLESS"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-T4LH1H"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 1, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""589EE363882E3928F66CF7B837BAD87C"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICEEXRPyHAU+i0XClFtLLozd0wCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgzAKBggqhkjOPQQDAgNIADBFAiBUcWvaxuUnpbxlhTmWEcnNtczlEXkRbUYoYCN+2VEZ1AIhALym5a5Ib2YXMN1rGi3FQzTjiXDMfTh6IufwChk8n/N9"", ""tls_key"": ""MHcCAQEEILUsPsd+8u6gorQ6vplb6DQet9vOAwT8PHYYn7RI4380oAoGCCqGSM49AwEHoUQDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgw=="", ""tls_raw_peer_certificate"": ""MIIBADCBpqADAgECAhA1EEVwbinJOEquCzdLDyBzMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBDpkDyifvMvFU5G4T3X4NPgXSbjGygT9OXvKUN63IttHTejMFBes+ICPd+lF2i9ExWAYDh5oBbrexLrzNGdz3swCgYIKoZIzj0EAwIDSQAwRgIhAPHte18FxAxdCBRRd8kvfkylLF5k+QOnpkoeqXwRtdOWAiEA00CVbIQ6r4v8EeB0rQ5nIFgk+SYWWjNa+B3sBZoNlzY=""}}",blees7.duckdns[.]org:7770,BLESS,Rmc-T4LH1H
7f68acaaa1fde023747d47b2e66515a3ed9408a80e3ec1596d8a76aec0a9437f,HONEYIAMHOME,4/26/2024,PureCrypt Loader,NONE,,,
7fd1c60a9db98539700314f893c6b8408ee83fe4655b70f040b61a853821f99c,b66dd5sss,1/5/2024,HeartCrypt Developer Test Sample,NONE,,,
7fefc8a574e655e534f74b031a23616d1a72b876ee3daad9ffd24fe49a3847ec,Sep peSpe,10/16/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""209[.]126.4.168""], ""port"": [""8848""], ""campaign"": ""Smokee"", ""mutex"": ""Jl6dTyOlKEa8qbRLi/bbkQ=="", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""ZmdSdUREWmpsME16bkdMVWNrdUk0d2R1Umw2N3VsdzU="", ""MTX"": ""Jl6dTyOlKEa8qbRLi/bbkQ=="", ""Certifi_cate"": ""MIICKjCCAZOgAwIBAgIVAOchts2jH7Uom0LJqRLvMyP37A8tMA0GCSqGSIb3DQEBDQUAMF4xDzANBgNVBAMMBlNtb2tlZTETMBEGA1UECwwKcXdxZGFuY2h1bjEcMBoGA1UECgwTRGNSYXQgQnkgcXdxZGFuY2h1bjELMAkGA1UEBwwCU0gxCzAJBgNVBAYTAkNOMB4XDTIzMTAxODIyMjA0NloXDTM0MDcyNzIyMjA0NlowEDEOMAwGA1UEAwwFRGNSYXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJwcOzWfVtVyMBd09JcHQkTEOlxUv4qmCSItxfAPBfD1ggF6GAM5YW5epjKiwUgnVB4fmK0zTeBL5IuB+JZXdVhMa7uiGxNGpVtF2fThI18BoIqbmzZwXFb/ZhEoCk6G1ZgyRLH2U02HT9gqZQfXJmjxy1fGOAv+aAIDxwBTFfhnAgMBAAGjMjAwMB0GA1UdDgQWBBRH1UzdAOnuLie6DppRxcDX/H5KkDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4GBABLefHl9wmRirskj5TPEqfWqE7BUQ+uGHrOcfw9H2QqVtQjy6JN/L9alhM7nCbL8g+x9OlCzrA3FoqdLxlv8GIYt8WLgeIA+eqvxNfz4GrxH9egdDARyIJJvgpA9jKRhvUc8weBn9Swaujz8xV+bCUcD9MHgM3vMOwyuLjWWPZkI"", ""Server_signa_ture"": ""IABJCgotYPG62vd1p+1gV70S2bNj0KEnBULxx4Rd9d4554SdhCHl9UxlsvXFNhjCFUAs63fG+rd/GeaGnoSCg0xqN3TRR0H/rua/9CpspCyDBiMw5N5uKrgWUqj14c+EI9c6sE93bKcbzSBABrO9QEokp44BMDIfeW/qkjKIwsY="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""Smokee"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",209[.]126.4.168,Smokee,Jl6dTyOlKEa8qbRLi/bbkQ==
809204d2979b2018756ca18a0d6a33812c96c3b6cfeff4788f705fb976c5b026,43423fdasfdasfa32143242,5/8/2024,Remcos,"{""c2"": [""peleinufele.kozow[.]com:32024""], ""port"": [], ""campaign"": ""tutt0a"", ""mutex"": ""Rmc-YRYWDT"", ""non_standard"": {""c2_list"": ""peleinufele.kozow[.]com:32024:1\u001e"", ""botnet"": ""tutt0a"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-YRYWDT"", ""keylogger_mode"": 0, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""FE9112C3A3EAC3347E039B2736B0234D"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH+MIGmoAMCAQICEGpoKzudZS3sOPyEpDnUrGkwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEMe6VFnwSMwvvmGZ3iI+rT1mDnW32CVl6U4JwC4UZQMpa8XWM1ykiU11vygxjCgVS96kcZ35z2De9IO/wZJSIqTAKBggqhkjOPQQDAgNHADBEAiBeOMrSAtyPulfhnlOYQNfB8Z0gpLUy1BYIhmKRkTCmwQIgGVQuQ1AlYOSbzvOEbfKRvYKlLb5BYX8pwGLDDwenS6M="", ""tls_key"": ""MHcCAQEEINkJqagYLofZRaJQ+MugH35u96n9w49L950KPwQ4x6cBoAoGCCqGSM49AwEHoUQDQgAEMe6VFnwSMwvvmGZ3iI+rT1mDnW32CVl6U4JwC4UZQMpa8XWM1ykiU11vygxjCgVS96kcZ35z2De9IO/wZJSIqQ=="", ""tls_raw_peer_certificate"": ""MIH/MIGmoAMCAQICEHMZIVxbQafi3pd9umuYyeUwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExJKR6YvrohTSXADsi1r2wFyfkc6uPOssMaZOpNADa/YjlIj3SepxrrDumv5TIJaa5YMoCEYV3dN0CyAqx8J3ATAKBggqhkjOPQQDAgNIADBFAiBHiJVSorIHU8t9IxrM5hi1POrZUS+rMqMEevV9CowJnwIhAPcg1iTyF4WJtMS2tuo/lvhYjUL8IYdJcMz5s00kFBok""}}",peleinufele.kozow[.]com:32024,tutt0a,Rmc-YRYWDT
813cbee9920207ad9683a367b90ccd92821ac761453e3a2e18bb68af74c457dd,ACXNSGNADS,7/1/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""dcmayofornuevo.dynuddns[.]com""], ""port"": [""7997""], ""campaign"": ""27 de Junio"", ""mutex"": ""JYdgdgGRFBH"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""UzVGU0QzVG1oZUVQTnpnamV4c05xMHVXUVBMZFBBNmE="", ""MTX"": ""JYdgdgGRFBH"", ""Certifi_cate"": ""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"", ""Server_signa_ture"": ""ICpmvcq2NmOAgc7lbVfvKlZsIuXBDUbFbKsSXy5hLTVPPgLtdMnlqC/b5DgOg8i/0wibVCVPgFHLWv2T6+3CkA4WIKQLnWncX4rzTbb/xRrvvMO0BrvGkgM0+b7F0nujmWeBjtUHW3erdD//qyJ7kFD1fs9BT0zs2B/w/X++piM="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""27 de Junio"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",dcmayofornuevo.dynuddns[.]com,27 de Junio,JYdgdgGRFBH
816276f8a28efd4134c8bba50f2a4271ddda713706f9e805701f3b15a1318e77,OopPS1tcOtc,10/24/2024,Remcos,"{""c2"": [""azul.accesscam[.]org:2609""], ""port"": [], ""campaign"": ""BENDECIDO"", ""mutex"": ""Rmc-X4PMRI"", ""non_standard"": {""c2_list"": ""azul.accesscam[.]org:2609:0\u001e"", ""botnet"": ""BENDECIDO"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-X4PMRI"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 1, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""A5C3210D8A48C157A6878C927E9AB298"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": """", ""tls_key"": """", 
""tls_raw_peer_certificate"": """"}}",azul.accesscam[.]org:2609,BENDECIDO,Rmc-X4PMRI
818f21b679e26ea67dbe65df1deb5c728214c9007793ac18cb9ecd139dc9aa88,Aug guAgu,8/10/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""closeconection.duckdns[.]org""], ""port"": [""3030""], ""campaign"": ""SERVER"", ""mutex"": ""oBXhRczYLEK7pvut4VQvAQ"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""Y05xSUxIN2ZlWXY3VzVGR1NyNXZDNXNwZkVTNHpmdXM="", ""MTX"": ""oBXhRczYLEK7pvut4VQvAQ"", ""Certifi_cate"": ""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"", ""Server_signa_ture"": ""E7ugL/Ahp74HSSUGrOiRMWJyrw4A/j4saiGkcVU8QW3EAs0ae8jesVNsaSDdiG4rloOfgwxesAzuYWlsrG2vZS5aTpPdXDsi2iTXgPMdLOaJBtJlOPvWWNStsYE44pm6sngzfE+arYAEF9Rv5t3kh1cdL8tvECDa862C640OZ7w="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""SERVER"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",closeconection.duckdns[.]org,SERVER,oBXhRczYLEK7pvut4VQvAQ
82c0608d335a64c32af8041ec8212df46d742fffbdb89bfffd58fa34a90ae654,Aug222guAgu,8/28/2024,LummaStealer,"{""c2"": [""caffegclasiqwp[.]shop"", ""stamppreewntnq[.]shop"", ""stagedchheiqwo[.]shop"", ""millyscroqwp[.]shop"", ""evoliutwoqm[.]shop"", ""condedqpwqm[.]shop"", ""traineiwnqo[.]shop"", ""locatedblsoqp[.]shop"", ""applieddyooqnz[.]shop""], ""port"": [], ""campaign"": ""YT6gHy--"", ""mutex"": """", ""non_standard"": {}}","caffegclasiqwp[.]shop,stamppreewntnq[.]shop,stagedchheiqwo[.]shop,millyscroqwp[.]shop,evoliutwoqm[.]shop,condedqpwqm[.]shop,traineiwnqo[.]shop,locatedblsoqp[.]shop,applieddyooqnz[.]shop",YT6gHy--,
82dc456673c70d3e2b6e7b8b2a6c06488dd2bffe2f3320f6ee54352514a316b1,gasgff34534c,3/25/2024,HeartCrypt Developer Test Sample,NONE,,,
82f9a9e5d6837b58bed5f8f8571afc31b570a5d2db6befe3459b09f161114e37,cjkpqineuvl,10/19/2024,HeartCrypt Developer Test Sample,NONE,,,
84702a49d1fecf7a4267701c105a714d34250e3c31ec2495660edeac53f54ceb,5dsadas435235bgdsgdfbvb3253453425345gfdsgfdgdf,3/11/2024,RedlineStealer,"{""c2"": [""5[.]161.190.139:13757""], ""port"": [], ""campaign"": ""X"", ""mutex"": """", ""non_standard"": {""ID"": ""X"", ""Message"": """", ""Key"": ""Scenically"", ""Version"": ""1""}}",5[.]161.190.139:13757,X,
85ff8d9d2f577cedd1ebee022dfbc8192fdb5ee16e39dc9f03743739b6d5c4e7,gasgff34534c,10/4/2024,JasonStealer,NONE,,,
87f954a96ff46df18d7103c05102f23441838d3c0f157380466764dfac2079e2,oXCEd3tcOtc,10/30/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""procesosespeciales855.casacam[.]net""], ""port"": [""8853""], ""campaign"": ""Solo-Domi-Oros"", ""mutex"": ""DcRatMutex_qwqdanchun"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""MldpUlFYZHAwZTF3dWR1cmFmOW1pZWVEOFRlU1pHTlg="", ""MTX"": ""DcRatMutex_qwqdanchun"", ""Certifi_cate"": ""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"", ""Server_signa_ture"": ""dzzmy4auTq4razCCxJ9UxCmheZJ4VlSHJjDPVHhethxQ6y//N+WEyhllrZCgp8W/ky9ANoX+TI2qAVWfth6+nHayijlRE0Jr45aE1pjCDSyZb0JzM3LV77gQ+PbuaaZfqW4kZxE6f7XvYZxAFrHiupX3OtTYCiW95wYCHoLIh+o="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""Solo-Domi-Oros"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",procesosespeciales855.casacam[.]net,Solo-Domi-Oros,DcRatMutex_qwqdanchun
8a4b53fd2a5246edb67124673b2c324db27b443f856c7193d8c5417d793835b1,43423fdasfdasfa32143242,5/13/2024,RedlineStealer,NONE,,,
8a9d1cf4089c57e19bbeb819b57cd3a458d067d65dc03d39c25dcc35cc9ce229,ATGNSGNADS,6/29/2024,Remcos,"{""c2"": [""uhd87327hd7b9jduwjlask.con-ip[.]com:5023""], ""port"": [], ""campaign"": ""26==26jun=2024"", ""mutex"": ""Rmc-ZTD1DJ"", ""non_standard"": {""c2_list"": ""uhd87327hd7b9jduwjlask.con-ip[.]com:5023:1\u001e"", ""botnet"": ""26==26jun=2024"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-ZTD1DJ"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""C20517AB558A9DC90A2795945C7E97BB"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIIBADCBpqADAgECAhA/bK072R8ULSeOSr5wUkeEMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABA6VI2iU8kQnjaxGQYZ1oOLiaXXpoQjtj7hJtuy1r3G/TBrRcCL/wyrO0LmSJpiu7EB437pCrDvLOwjUeG7tMkYwCgYIKoZIzj0EAwIDSQAwRgIhAOSn37JeyD+DIWNHGE1xcYdm1RrQ8TT8hiLd9UIfm9uuAiEA7GC6L19W5lN5cfD3Rh2Ior++WuiLxQwnvw7H9AP/egA="", ""tls_key"": ""MHcCAQEEIJG09kVEQDINj8+wjHIe85JcOXQro5U9++N24NOCtOYMoAoGCCqGSM49AwEHoUQDQgAEDpUjaJTyRCeNrEZBhnWg4uJpdemhCO2PuEm27LWvcb9MGtFwIv/DKs7QuZImmK7sQHjfukKsO8s7CNR4bu0yRg=="", ""tls_raw_peer_certificate"": ""MIH/MIGmoAMCAQICED1NkqG7jUVs6UE+9lfC9FgwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECd6OUnfQld2gC9x8EQRhtR8SxJVg8oG9XKYRGj3Bl2o3nxXg5UX+DJrxL2ck0tBmDDoUhbl6AoiS4LqLq0jehDAKBggqhkjOPQQDAgNIADBFAiBPs4LgiRbRQ2McVsYAzfd/Q/h5nMAd2ZznwiDFiFSGBQIhANcDTxlBaY+lmnofU7TMD8RRqIs9H3Tqnu3QRNLrm6d0""}}",uhd87327hd7b9jduwjlask.con-ip[.]com:5023,26==26jun=2024,Rmc-ZTD1DJ
8dc7fbdfac755d60ce05b1c223c174ba13abd78eb01aa538b37c0b812ece3aa5,nEdxC2tcOtc,10/30/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""word8328.duckdns[.]org""], ""port"": [""8328""], ""campaign"": ""MM-oct-30"", ""mutex"": ""DcRatMutex_qwqdanchun"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""b2t4UUdmWXdLM2JXRHNIUTZjUkNMNTBjQ3RrS29sajI="", ""MTX"": ""DcRatMutex_qwqdanchun"", ""Certifi_cate"": ""MIICMDCCAZmgAwIBAgIVAPdJPjCx7pYvZ/1H2FuVvfr12RcjMA0GCSqGSIb3DQEBDQUAMGQxFTATBgNVBAMMDERjUmF0IFNlcnZlcjETMBEGA1UECwwKcXdxZGFuY2h1bjEcMBoGA1UECgwTRGNSYXQgQnkgcXdxZGFuY2h1bjELMAkGA1UEBwwCU0gxCzAJBgNVBAYTAkNOMB4XDTIxMTIwOTIwNDY0MFoXDTMyMDkxNzIwNDY0MFowEDEOMAwGA1UEAwwFRGNSYXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAIdi7KwbsK/emE6cPt5dZ26vDX2Y83z/zgIxipJ87lhQuqMSOuy1QkrgJX5XUNz5PQ/por9QVFR5PVqci3gzZBm4mS0970/CqX0XE17ywsS5ihs30fR1pRTF+KLeYPAhpBAEwkbVvNJ8utU4idXRMpI7gg5vAL+p9y7f2zNpTlqHAgMBAAGjMjAwMB0GA1UdDgQWBBT7xqJBZyhpISmxeSGJdX5wNfGQKjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4GBACPGgtV6HR59DKCJKnhxSiNBDaLWjqMXxZjteXm0LLJbcuuWfZjE+XQi/qOGRNlZJwtrGrH3Va7j+e7tHhkr1zK5otNfeFw+GhFOv1pdsPpCoW1aj/ukciyZu/sPkMF/k/Z4cWXWQ5BFr58Piru6U+23EAzNY03x1oKE8m+gAs3L"", ""Server_signa_ture"": ""M/JvE0xXHqxeN6o5s9xR+Ru6gW8M4kpFBKdz4CNBiKrfcSoPVTfOml1wDE7xtxBM5CluTldVnAeJYg8XKPRXj3z7pgxk7FaOLwo8kpnVeYksQmv+E3lFsMMyyFZDkzpWqVT3vWq1BMM/N2VmAm/cCMDohVIRTeFrYnkwBphYBiw="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""MM-oct-30"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",word8328.duckdns[.]org,MM-oct-30,DcRatMutex_qwqdanchun
8dca20407ba9cecc0a6d87adafbcccebc37d865caedee29af0e54f718f150966,HONEYIAMHOME,4/21/2024,Remcos,"{""c2"": [""127[.]0.0.1:2404""], ""port"": [], ""campaign"": ""RemoteHost"", ""mutex"": ""Rmc-52SPIJ"", ""non_standard"": {""c2_list"": ""127[.]0.0.1:2404:1\u001e"", ""botnet"": ""RemoteHost"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-52SPIJ"", ""keylogger_mode"": 0, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 2, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": """", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICECyq0dC6qQr+Hv2V9QM3uqcwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdrdLQy42Mpn3IIYRJ2M3+yF21CLyLrOnzJYt9pkS9tD25/19cz99/hh6XbCh/X6lkduGZSLQOrKNIRElI58SZTAKBggqhkjOPQQDAgNIADBFAiEAsNMXIJvWxp997X+wkfoZ+aNRQ/F+y4UKwth7Vn9PPnsCIEy6sU5zohMDu7YRBxvrBk12twTKU7msOfRjcZPv8XLQ"", ""tls_key"": ""MHcCAQEEIPh5Cln/kkGKIQHHvBEywdytsvdqHkePDPk5Ud/t9sAJoAoGCCqGSM49AwEHoUQDQgAEdrdLQy42Mpn3IIYRJ2M3+yF21CLyLrOnzJYt9pkS9tD25/19cz99/hh6XbCh/X6lkduGZSLQOrKNIRElI58SZQ=="", ""tls_raw_peer_certificate"": ""MIH+MIGmoAMCAQICEG3vLiwgsA2EwhiaFtqI9IQwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwP4wsetvUB9BVeB5KGkhFjJJoBjHvOcr3civBrd7vSVCfdzC45I1JUkFbE/V0Cvr3Srw9Govd0OBlmaqWZM0ZjAKBggqhkjOPQQDAgNHADBEAiA+k1x/mgOuo3xlHJ81zNOx/7FqyAa+NzPTyQQOJVWDcAIgNOovDbZqGlCN19pFZjYwqJecVDlCfKe+1zDwKfkvYmw=""}}",127[.]0.0.1:2404,RemoteHost,Rmc-52SPIJ
8de2fd12c142b386f6465f4fe39ab08bed03823e0a01fd0ea2794b2c21710e62,Edwardsigunecia,6/5/2024,VenomRat,"{""c2"": [""80[.]76.49.148""], ""port"": [""4545""], ""campaign"": ""Default"", ""mutex"": ""jiytpolsfawmdcmo"", ""non_standard"": {""Ver_sion"": ""Venom RAT + HVNC + Stealer + Grabber v6.0.2"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""TmJVamZaMjE0a05UQWlzd2RKcDRTNXpFdzZ5cDh3UHI="", ""MTX"": ""jiytpolsfawmdcmo"", ""Certifi_cate"": ""MIICLzCCAZigAwIBAgIVAMlWIVjWC1nh9ktodokpLXg1Z7jDMA0GCSqGSIb3DQEBDQUAMGAxGDAWBgNVBAMMD1Zlbm9tUkFUIFNlcnZlcjEOMAwGA1UECwwFVmVub20xGjAYBgNVBAoMEVZlbm9tUkFUIEJ5IFZlbm9tMQswCQYDVQQHDAJTSDELMAkGA1UEBhMCQ04wHhcNMjIwNDIzMDE0ODMzWhcNMzMwMTMwMDE0ODMzWjATMREwDwYDVQQDDAhWZW5vbVJBVDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApVFyhBoFr/9yziPYmAfupGi+6Dr9HlSEu4y7EX9UWIylw9CS4Voa/+1ncAOzogfrktnFzQ8mi0CRy5KZ/h/xY3W/RZXSOuTiBxwuYJ21ZyP0F3NE0Dk0iKJbBQvE/zmGVU3o0nSQEJ5eKQF9cj8SCsEac4tcpOeJWGRR4EOaNH8CAwEAAaMyMDAwHQYDVR0OBBYEFAXo7kHUsbMm0Un9lzKiyH3ZKuRhMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQENBQADgYEAToihy3/hoIiQqRgL8LQs+1ZyJfdHwOCmbsgIXHWfuygpkNuCVgWyx00+6WG1rrFOf0JZMar0D7txlc/bnAasiYPUL5EXEL/uikR3e8zzcQOhRAszKHobjW3VxGBYxClWdkhDZNxoiXTPs53aoby1ddub4dbDXQzIo//fNN30FNc="", ""Server_signa_ture"": ""pAqlbdZY2zEuxL1ypGReNRheljUxOQXOyDgHvLs8y8x4quHpM4RR9w8qyoFxtKqOdcXSrE+z7wPKMuE6AUJAHhZ9TC0PP3jgB5DSZFF/JMBPNrNspUaDhYbLGx5ICj+supKWJjww2ijLxnPdxdG7321UU/uqVytq/mUZzhXPqc8="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""Default"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",80[.]76.49.148,Default,jiytpolsfawmdcmo
8e042392a04fc5aa858ba8f96ebdae676e2b959217e2d5c43252632337144da6,5dsadas435235bgdsgdfbvb3253453425345gfdsgfdgdf,3/9/2024,Meterpreter,NONE,,,
8e521953f01b56f163a5d7ca777cdbef86f1d9291bf994d3ba35cb0e89729da0,gasgff34534c,10/16/2024,Remcos,"{""c2"": [""goatratedman[.]com:4050"", ""extendedbreakfast[.]com:5140""], ""port"": [], ""campaign"": ""zuma"", ""mutex"": ""bghtyi-ILS8CA"", ""non_standard"": {""c2_list"": ""goatratedman[.]com:4050:0\u001eextendedbreakfast[.]com:5140:0\u001e"", ""botnet"": ""zuma"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""bghtyi-ILS8CA"", ""keylogger_mode"": 0, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""B0317C8A9682B5CD58EB6644CD15AFBF"", ""enable_screenshot_mouse_drawing_flag"": 0, 
""tls_raw_certificate"": """", ""tls_key"": """", ""tls_raw_peer_certificate"": """"}}","goatratedman[.]com:4050,extendedbreakfast[.]com:5140",zuma,bghtyi-ILS8CA
8e6c2886d27ae580561350564d94625f0151ad0ae5b64c0a58ffce8ffeb01ffa,Aug 11guAgu,8/13/2024,AsyncRat,"{""c2"": [""209[.]126.4.168""], ""port"": [""7780""], ""campaign"": ""Smoke"", ""mutex"": ""AcaYhh-WYZ121F"", ""non_standard"": {""Version"": ""| Edit 3LOSH RAT"", ""Install"": ""false"", ""InstallFolder"": ""%AppData%"", ""InstallFile"": """", ""Key"": ""bDJPbEVjUk8xQkFGdkgxb2J4VzZaTEpRUXFXQVFmVWU="", ""MTX"": ""AcaYhh-WYZ121F"", ""Certificate"": ""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"", ""Serversignature"": ""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"", ""Anti"": ""false"", ""offlineKL"": ""false"", ""Pastebin"": ""null"", ""BDOS"": ""false"", ""Hwid"": 0, ""Delay"": ""3"", ""Group"": ""Smoke""}}",209[.]126.4.168,Smoke,AcaYhh-WYZ121F
8e761990bd71d47cdb207f1492a9e4ade71ad95c1eaed69a3826e9ee5b74306a,GGGSADEFFTL,7/17/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""dashboard.dynuddns[.]com""], ""port"": [""22077""], ""campaign"": ""17-Julio"", ""mutex"": ""DcRatMutex_qwqdanchun"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""d3BoemlXcnU5ZVE5TVBNT29JZm9MWUZVeWJab013d0w="", ""MTX"": ""DcRatMutex_qwqdanchun"", ""Certifi_cate"": ""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"", ""Server_signa_ture"": ""axfoVQRYNKct8uLRYXzPUNbFk6NdGv7xWXv56QTvede2JghD96+vPmZG1WpJSygC6XmWcRnaP3ztglyqL3DAs/7pfDqOVV9NpqxJzXWXWkoEqDuBlg3MGvBjuO0+WvKYOnvyEoO0ShpgZ5xMQ8Qo3wD9eQxuQX2BV8HmU/LQrCs="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""17-Julio"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",dashboard.dynuddns[.]com,17-Julio,DcRatMutex_qwqdanchun
8f959c31ab0f7560c0ceaccb3ed44abe8c531eacf9d6689c1b0bb9cf7cc1446b,IF_YOU_ARE_READING_THIS_FUCK_OFF),3/15/2024,Rhadamanthys,NONE,,,
8fa717459c332d72e379363eecdcf23790244c589055d69e984acdc56875a05e,NACSKKETTAF,8/2/2024,Vidar,"{""c2"": [""hXXps://188[.]245.87.202""], ""port"": [], ""campaign"": ""5b0092ed2396c3bd3b4369a6d64ff8d5"", ""mutex"": """", ""Strings"": [""INSERT_KEY_HERE"", ""GetProcAddress"", ""LoadLibraryA"", ""lstrcatA"", ""OpenEventA"", ""CreateEventA"", ""CloseHandle"", ""Sleep"", ""GetUserDefaultLangID"", ""VirtualAllocExNuma"", ""VirtualFree"", ""GetSystemInfo"", ""VirtualAlloc"", ""HeapAlloc"", ""GetComputerNameA"", ""lstrcpyA"", ""GetProcessHeap"", ""GetCurrentProcess"", ""lstrlenA"", ""ExitProcess"", ""GlobalMemoryStatusEx"", ""GetSystemTime"", ""SystemTimeToFileTime"", ""advapi32.dll"", ""gdi32.dll"", ""user32.dll"", ""crypt32.dll"", ""ntdll.dll"", ""GetUserNameA"", ""CreateDCA"", ""GetDeviceCaps"", ""CryptStringToBinaryA"", ""sscanf"", ""NtQueryInformationProcess"", ""VMwareVMware"", ""HAL9TH"", ""JohnDoe"", ""DISPLAY"", ""%hu/%hu/%hu"", ""GetEnvironmentVariableA"", ""GetFileAttributesA"", ""GlobalLock"", ""HeapFree"", ""GetFileSize"", ""GlobalSize"", ""CreateToolhelp32Snapshot"", ""IsWow64Process"", ""Process32Next"", ""GetLocalTime"", ""FreeLibrary"", ""GetTimeZoneInformation"", ""GetSystemPowerStatus"", ""GetVolumeInformationA"", ""GetWindowsDirectoryA"", ""Process32First"", ""GetLocaleInfoA"", ""GetUserDefaultLocaleName"", ""GetModuleFileNameA"", ""DeleteFileA"", ""FindNextFileA"", ""LocalFree"", ""FindClose"", ""SetEnvironmentVariableA"", ""LocalAlloc"", ""GetFileSizeEx"", ""ReadFile"", ""SetFilePointer"", ""WriteFile"", ""CreateFileA"", ""FindFirstFileA"", ""VirtualProtect"", ""GetLogicalProcessorInformationEx"", ""GetLastError"", ""lstrcpynA"", ""MultiByteToWideChar"", ""GlobalFree"", ""WideCharToMultiByte"", ""GlobalAlloc"", ""OpenProcess"", ""TerminateProcess"", ""GetCurrentProcessId"", ""gdiplus.dll"", ""ole32.dll"", ""bcrypt.dll"", ""wininet.dll"", ""shlwapi.dll"", ""shell32.dll"", ""psapi.dll"", ""rstrtmgr.dll"", ""CreateCompatibleBitmap"", ""SelectObject"", 
""BitBlt"", ""DeleteObject"", ""CreateCompatibleDC"", ""GdipGetImageEncodersSize"", ""GdipGetImageEncoders"", ""GdipCreateBitmapFromHBITMAP"", ""GdiplusStartup"", ""GdiplusShutdown"", ""GdipSaveImageToStream"", ""GdipDisposeImage"", ""GdipFree"", ""GetHGlobalFromStream"", ""CreateStreamOnHGlobal"", ""CoUninitialize"", ""CoInitialize"", ""CoCreateInstance"", ""BCryptGenerateSymmetricKey"", ""BCryptCloseAlgorithmProvider"", ""BCryptDecrypt"", ""BCryptSetProperty"", ""BCryptDestroyKey"", ""BCryptOpenAlgorithmProvider"", ""GetWindowRect"", ""GetDesktopWindow"", ""GetDC"", ""wsprintfA"", ""EnumDisplayDevicesA"", ""GetKeyboardLayoutList"", ""CharToOemW"", ""wsprintfW"", ""RegQueryValueExA"", ""RegEnumKeyExA"", ""RegOpenKeyExA"", ""RegCloseKey"", ""RegEnumValueA"", ""CryptBinaryToStringA"", ""CryptUnprotectData"", ""SHGetFolderPathA"", ""ShellExecuteExA"", ""InternetOpenUrlA"", ""InternetConnectA"", ""InternetCloseHandle"", ""InternetOpenA"", ""HttpSendRequestA"", ""HttpOpenRequestA"", ""InternetReadFile"", ""InternetCrackUrlA"", ""StrCmpCA"", ""StrStrA"", ""StrCmpCW"", ""PathMatchSpecA"", ""GetModuleFileNameExA"", ""RmStartSession"", ""RmRegisterResources"", ""RmGetList"", ""RmEndSession"", ""sqlite3_open"", ""sqlite3_prepare_v2"", ""sqlite3_step"", ""sqlite3_column_text"", ""sqlite3_finalize"", ""sqlite3_close"", ""sqlite3_column_bytes"", ""sqlite3_column_blob"", ""encrypted_key"", ""PATH"", ""C:\\ProgramData\\nss3.dll"", ""NSS_Init"", ""NSS_Shutdown"", ""PK11_GetInternalKeySlot"", ""PK11_FreeSlot"", ""PK11SDR_Decrypt"", ""C:\\ProgramData\\"", ""SELECT origin_url, username_value, password_value FROM logins"", ""Soft: "", ""profile: "", ""Host: "", ""Login: "", ""Password: "", ""Opera"", ""OperaGX"", ""Network"", ""Cookies"", "".txt"", ""SELECT HOST_KEY, is_httponly, path, is_secure, (expires_utc/1000000)-11644480800, name, encrypted_value from cookies"", ""TRUE"", ""FALSE"", ""Autofill"", ""SELECT name, value FROM autofill"", ""History"", ""SELECT url FROM urls LIMIT 
1000"", ""CC"", ""SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards"", ""Name: "", ""Month: "", ""Year: "", ""Card: "", ""Cookies"", ""Login Data"", ""Web Data"", ""History"", ""logins[.]json"", ""formSubmitURL"", ""usernameField"", ""encryptedUsername"", ""encryptedPassword"", ""guid"", ""SELECT host, isHttpOnly, path, isSecure, expiry, name, value FROM moz_cookies"", ""SELECT fieldname, value FROM moz_formhistory"", ""SELECT url FROM moz_places LIMIT 1000"", ""cookies[.]sqlite"", ""formhistory[.]sqlite"", ""places[.]sqlite"", ""Plugins"", ""Local Extension Settings"", ""Sync Extension Settings"", ""IndexedDB"", ""Opera GX Stable"", ""CURRENT"", ""chrome-extension_"", ""_0.indexeddb[.]leveldb"", ""Local State"", ""profiles[.]ini"", ""chrome"", ""opera"", ""firefox"", ""Wallets"", ""%08lX%04lX%lu"", ""SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"", ""ProductName"", ""x32"", ""x64"", ""%d/%d/%d %d:%d:%d"", ""HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0"", ""ProcessorNameString"", ""SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"", ""DisplayName"", ""DisplayVersion"", ""freebl3.dll"", ""mozglue.dll"", ""msvcp140.dll"", ""nss3.dll"", ""softokn3.dll"", ""vcruntime140.dll"", ""\\Temp\\"", "".exe"", ""runas"", ""open"", ""/c start "", ""%DESKTOP%"", ""%APPDATA%"", ""%LOCALAPPDATA%"", ""%USERPROFILE%"", ""%DOCUMENTS%"", ""%PROGRAMFILES%"", ""%PROGRAMFILES_86%"", ""%RECENT%"", ""*.lnk"", ""Files"", ""\\discord\\"", ""\\Local Storage\\leveldb\\CURRENT"", ""\\Local Storage\\leveldb"", ""\\Telegram Desktop\\"", ""D877F783D5D3EF8C*"", ""map*"", ""A7FDF864FBC10B77*"", ""A92DAA6EA6F891F2*"", ""F8806DD0C461824F*"", ""Telegram"", ""Tox"", ""*.tox"", ""*.ini"", ""Password"", ""Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Office\\13.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", 
""Software\\Microsoft\\Office\\14.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Office\r.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Office\u000e.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676\\"", ""00000001"", ""00000002"", ""00000003"", ""00000004"", ""\\Outlook\\accounts[.]txt"", ""Pidgin"", ""\\.purple\\"", ""accounts[.]xml"", ""dQw4w9WgXcQ"", ""token: "", ""Software\\Valve\\Steam"", ""SteamPath"", ""\\config\\"", ""ssfn*"", ""config[.]vdf"", ""DialogConfig[.]vdf"", ""DialogConfigOverlay*.vdf"", ""libraryfolders[.]vdf"", ""loginusers[.]vdf"", ""\\Steam\\"", ""sqlite3.dll"", ""browsers"", ""done"", ""Soft"", ""\\Discord\\tokens[.]txt"", ""/c timeout /t 5 & del /f /q \"""", ""\"" & del \""C:\\ProgramData\\*.dll\""\"" & exit"", ""C:\\Windows\\system32\\cmd.exe"", ""https"", ""Content-Type: multipart/form-data; boundary=----"", ""HTTP/1.1"", ""Content-Disposition: form-data; name=\"""", ""hwid"", ""build"", ""token"", ""file_name"", ""file"", ""message"", ""ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"", ""screenshot[.]jpg""], ""non_standard"": {""dead_drop"": [""hXXps://t[.]me/armad2a"", ""hXXps://steamcommunity[.]com/profiles/76561199747278259""], ""version"": ""10.6""}}",hXXps://188[.]245.87.202,5b0092ed2396c3bd3b4369a6d64ff8d5,
91d7d28c0897e0c33e2229133f9ebe6b15255c8a7bbbf6c7c3f0bd1438ae58c3,Aug333guAgu,8/30/2024,Remcos,"{""c2"": [""alvarolopezpu1458.con-ip[.]com:1661""], ""port"": [], ""campaign"": ""ROSALINDA"", ""mutex"": ""Rmc-FVREK5"", ""non_standard"": {""c2_list"": ""alvarolopezpu1458.con-ip[.]com:1661:1\u001e"", ""botnet"": ""ROSALINDA"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-FVREK5"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""86CDB103BEE8F4F4E4BB432E59BB138D"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICEEXRPyHAU+i0XClFtLLozd0wCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgzAKBggqhkjOPQQDAgNIADBFAiBUcWvaxuUnpbxlhTmWEcnNtczlEXkRbUYoYCN+2VEZ1AIhALym5a5Ib2YXMN1rGi3FQzTjiXDMfTh6IufwChk8n/N9"", ""tls_key"": ""MHcCAQEEILUsPsd+8u6gorQ6vplb6DQet9vOAwT8PHYYn7RI4380oAoGCCqGSM49AwEHoUQDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgw=="", ""tls_raw_peer_certificate"": ""MIIBADCBpqADAgECAhA1EEVwbinJOEquCzdLDyBzMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBDpkDyifvMvFU5G4T3X4NPgXSbjGygT9OXvKUN63IttHTejMFBes+ICPd+lF2i9ExWAYDh5oBbrexLrzNGdz3swCgYIKoZIzj0EAwIDSQAwRgIhAPHte18FxAxdCBRRd8kvfkylLF5k+QOnpkoeqXwRtdOWAiEA00CVbIQ6r4v8EeB0rQ5nIFgk+SYWWjNa+B3sBZoNlzY=""}}",alvarolopezpu1458.con-ip[.]com:1661,ROSALINDA,Rmc-FVREK5
91e3a3d0cb48bbc343badd86994ebf1858671fd1a9408534e60bbca47198c45e,Sep peSpe,9/9/2024,LummaStealer,"{""c2"": [""commisionipwn[.]shop"", ""stitchmiscpaew[.]shop"", ""ignoracndwko[.]shop"", ""grassemenwji[.]shop"", ""charistmatwio[.]shop"", ""basedsymsotp[.]shop"", ""complainnykso[.]shop"", ""preachstrwnwjw[.]shop"", ""dealleromwn[.]shop""], ""port"": [], ""campaign"": ""YT6gHy--"", ""mutex"": """", ""non_standard"": {}}","commisionipwn[.]shop,stitchmiscpaew[.]shop,ignoracndwko[.]shop,grassemenwji[.]shop,charistmatwio[.]shop,basedsymsotp[.]shop,complainnykso[.]shop,preachstrwnwjw[.]shop,dealleromwn[.]shop",YT6gHy--,
93769b51b829c4aa014a10179e40ff91492dbb70986d2b0af8b86901a4fae25c,hoLME2tcOtc,10/25/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""azul.accesscam[.]org"", ""octubre18.ydns[.]eu"", ""octubre212024.giize[.]com""], ""port"": [""2727""], ""campaign"": ""NUEVO"", ""mutex"": ""DcRatMutex_qwqdanchun"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""eFdyb21hdjVIZFhlSnBXYjVWRm8wbDBsWjJndmZZUXk="", ""MTX"": ""DcRatMutex_qwqdanchun"", ""Certifi_cate"": ""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"", ""Server_signa_ture"": ""eKsAbMN+WllP16JQyjcxJZlnyOlAwHlnR0cu4EbXN3WhPLUOn8OOKBnXxgAwRlW0glAXQ9ky6nqJlAIUFAMfWmToeEZ/dMNY9SUT9H0LOe21h44QCFWmgEi24otiu0mG801Bi1Gho8tLMlSvbUx1pMPF+wV1lYPwSwG4taKWb0g="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""NUEVO"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}","azul.accesscam[.]org,octubre18.ydns[.]eu,octubre212024.giize[.]com",NUEVO,DcRatMutex_qwqdanchun
93b533bc390adceda0347abfd1c1c65682b20a22c19483a1ebd30918acbbfd96,MTGNSGNADS,5/4/2024,XWorm,"{""c2"": [""134[.]122.130.229""], ""port"": [""80""], ""campaign"": """", ""mutex"": ""qyZ3D5i0o5EkBuCC"", ""non_standard"": {""KEY"": ""<123456789>"", ""SPL"": ""<Xwormmm>"", ""Sleep"": ""3"", ""Groub"": ""XWorm V5.2"", ""USBNM"": ""USB.exe"", ""mutex"": ""qyZ3D5i0o5EkBuCC""}}",134[.]122.130.229,,qyZ3D5i0o5EkBuCC
9423522a796f3190f1e434382e3760294527dae11844bd9aece3ee70899a74c6,bbbbb5,2/8/2024,HeartCrypt Developer Test Sample,NONE,,,
967516fbdc5dfb43e1f3ab8f5a6713e226b4b0d1a556c1933381086587a5b2db,oEODf2tcOtc,10/27/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""puerto4001.duckdns[.]org""], ""port"": [""4001""], ""campaign"": ""BLAS-25-LLEGADERA-PAINT"", ""mutex"": ""DcRatMutex_qwqdanchun"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""eTVEdlVmQWhuNzRob2w0TFFQTFlLcHZKVldJakhDNFc="", ""MTX"": ""DcRatMutex_qwqdanchun"", ""Certifi_cate"": ""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"", ""Server_signa_ture"": ""IRKIIP2uhfW1w5zr5SEwZrxlZdOVSH0lvW1lZ6l/eNCBnuvcErHDHQ4XaFoALWfqFOciQREEcuPfa6YxKziiOZjCQQbQjE0LnvvoS77wEL67q3i4LUD3xSdgSXsWDx+q5LwcxK/NUkPjctjsTzfQalvrzWDuNgfZx2FZk6Lrpzc="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""BLAS-25-LLEGADERA-PAINT"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",puerto4001.duckdns[.]org,BLAS-25-LLEGADERA-PAINT,DcRatMutex_qwqdanchun
97175f477ed70cb8ab8e64165325586111a3946433bbae9e03b8273ac0602e3e,HONEYIAMHOME,4/22/2024,PureCrypt Loader,NONE,,,
9793a21d1a2074106d2123fdf40c23a57aab35f7f0afe2eb254d888fc5abe5f9,MTGNSGNADS,5/31/2024,AsyncRat,"{""c2"": [""octubre.dynuddns[.]com""], ""port"": [""6606""], ""campaign"": ""3"", ""mutex"": ""AsyncMutex_6SI8OkPnk"", ""non_standard"": {""Version: "": ""| nelsontriana980"", ""Install: "": ""false"", ""InstallFolder: "": ""%AppData%"", ""InstallFile: "": """", ""Key: "": ""ZXBvaVM4QmRiTnpIQ2lqRklwYzlzTGFWU2ZkMmJxaWo="", ""MTX: "": ""AsyncMutex_6SI8OkPnk"", ""Certificate: "": ""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"", ""ServerSignature: "": ""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"", ""Anti: "": ""false"", ""offlineKL: "": ""true"", ""Pastebin: "": ""null"", ""BDOS: "": ""false"", ""Hwid: "": 0, ""Delay: "": ""3"", ""Group: "": ""Pasar-octubre[.]dynuddns""}}",octubre.dynuddns[.]com,3,AsyncMutex_6SI8OkPnk
97dc03d1700efcffed27aad93ec05b36a404a6919f93f6c60e95e5c4a9d65cd9,s1thebestidiots,4/20/2024,Remcos,"{""c2"": [""127[.]0.0.1:2404""], ""port"": [], ""campaign"": ""RemoteHost"", ""mutex"": ""Rmc-52SPIJ"", ""non_standard"": {""c2_list"": ""127[.]0.0.1:2404:1\u001e"", ""botnet"": ""RemoteHost"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-52SPIJ"", ""keylogger_mode"": 0, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 2, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": """", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICECyq0dC6qQr+Hv2V9QM3uqcwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdrdLQy42Mpn3IIYRJ2M3+yF21CLyLrOnzJYt9pkS9tD25/19cz99/hh6XbCh/X6lkduGZSLQOrKNIRElI58SZTAKBggqhkjOPQQDAgNIADBFAiEAsNMXIJvWxp997X+wkfoZ+aNRQ/F+y4UKwth7Vn9PPnsCIEy6sU5zohMDu7YRBxvrBk12twTKU7msOfRjcZPv8XLQ"", ""tls_key"": ""MHcCAQEEIPh5Cln/kkGKIQHHvBEywdytsvdqHkePDPk5Ud/t9sAJoAoGCCqGSM49AwEHoUQDQgAEdrdLQy42Mpn3IIYRJ2M3+yF21CLyLrOnzJYt9pkS9tD25/19cz99/hh6XbCh/X6lkduGZSLQOrKNIRElI58SZQ=="", ""tls_raw_peer_certificate"": ""MIH+MIGmoAMCAQICEG3vLiwgsA2EwhiaFtqI9IQwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwP4wsetvUB9BVeB5KGkhFjJJoBjHvOcr3civBrd7vSVCfdzC45I1JUkFbE/V0Cvr3Srw9Govd0OBlmaqWZM0ZjAKBggqhkjOPQQDAgNHADBEAiA+k1x/mgOuo3xlHJ81zNOx/7FqyAa+NzPTyQQOJVWDcAIgNOovDbZqGlCN19pFZjYwqJecVDlCfKe+1zDwKfkvYmw=""}}",127[.]0.0.1:2404,RemoteHost,Rmc-52SPIJ
9910510ef16cd791eacb868d63f33db54c7ca6343a470b97bbda3ab53a0af1e1,Edwardsigunecia,8/25/2024,HeartCrypt Developer Test Sample,NONE,,,
9a3a26bd98c511627d2b384bce4c46c538a67f24c66459acd0af467fca4bdd08,gasgff34534c,4/3/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""abrilmarzonh.4cloud[.]click""], ""port"": [""2202""], ""campaign"": ""03-Abril"", ""mutex"": ""UJVX0046KAG14FGF52"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""elFWN3p1SklwQUZyUkVBWFpLRlVrbmJEdXdta2NUZkQ="", ""MTX"": ""UJVX0046KAG14FGF52"", ""Certifi_cate"": ""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"", ""Server_signa_ture"": ""fD/lUMfuhPeUer/VKiOakaOK0r4OwNEI3u9CwbQnE8FdAzdc6pIGzHZgsmEKKecWzunbORq39TjCEG8SmY/VHtG/c9KF91xczPZrdIKGaDvr7VEjK//jSgeUvpJRicHuGdeui6MIyFl2lTwQ9GGAUwFKB335WTKj+9aDQKFz3Hk="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""03-Abril"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",abrilmarzonh.4cloud[.]click,03-Abril,UJVX0046KAG14FGF52
9a42637e8c5229a0b84c28892e030c5b9d07cd32ccb5bdc0cc6f0633113c8fe2,nEdxC2tcOtc,10/29/2024,Vidar,"{""c2"": [""hXXps://tougn[.]website"", ""hXXps://95[.]217.28.72"", ""hXXp://147[.]45.78.18:80""], ""port"": [], ""campaign"": """", ""mutex"": """", ""Strings"": [], ""non_standard"": {""dead_drop"": [""hXXps://steamcommunity[.]com/profiles/76561199794498376"", ""hXXps://t[.]me/asg7rd"", ""hXXps://t[.]me/fun88rockskek"", ""http://localhost:9223/json""]}}","hXXps://tougn[.]website,hXXps://95[.]217.28.72,hXXp://147[.]45.78.18:80",,
9af467c9392af012bf687f347c0192296d131791b4c7cb74d1dac1622db8f8cb,gasgff34534c,3/25/2024,HeartCrypt Developer Test Sample,NONE,,,
9bd724fbb3e9c42122711c756c27fd8ceaf01f48e5d59a8935f4b67fb8246b3c,xCeDs2tcOtc,10/24/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""proyectoxman1.casacam[.]net""], ""port"": [""8852""], ""campaign"": ""New-Era-21"", ""mutex"": ""DcRatMutex_qwqdanchun"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""UmhKeVlYNWNPYzdNMml1akY1dU5qZmlWdEwzWE12d3I="", ""MTX"": ""DcRatMutex_qwqdanchun"", ""Certifi_cate"": ""MIICMDCCAZmgAwIBAgIVAPdJPjCx7pYvZ/1H2FuVvfr12RcjMA0GCSqGSIb3DQEBDQUAMGQxFTATBgNVBAMMDERjUmF0IFNlcnZlcjETMBEGA1UECwwKcXdxZGFuY2h1bjEcMBoGA1UECgwTRGNSYXQgQnkgcXdxZGFuY2h1bjELMAkGA1UEBwwCU0gxCzAJBgNVBAYTAkNOMB4XDTIxMTIwOTIwNDY0MFoXDTMyMDkxNzIwNDY0MFowEDEOMAwGA1UEAwwFRGNSYXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAIdi7KwbsK/emE6cPt5dZ26vDX2Y83z/zgIxipJ87lhQuqMSOuy1QkrgJX5XUNz5PQ/por9QVFR5PVqci3gzZBm4mS0970/CqX0XE17ywsS5ihs30fR1pRTF+KLeYPAhpBAEwkbVvNJ8utU4idXRMpI7gg5vAL+p9y7f2zNpTlqHAgMBAAGjMjAwMB0GA1UdDgQWBBT7xqJBZyhpISmxeSGJdX5wNfGQKjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4GBACPGgtV6HR59DKCJKnhxSiNBDaLWjqMXxZjteXm0LLJbcuuWfZjE+XQi/qOGRNlZJwtrGrH3Va7j+e7tHhkr1zK5otNfeFw+GhFOv1pdsPpCoW1aj/ukciyZu/sPkMF/k/Z4cWXWQ5BFr58Piru6U+23EAzNY03x1oKE8m+gAs3L"", ""Server_signa_ture"": ""AbJkzgcRGuCRTtNiO1OE2yVIYouT/ceXvrTpztpNKoT/s1rzAJKpFumiEJOGhK4rk7nbNtPxHDaqbN82Hg2aJo+swDY+10WQHzztMSe2c1mKxdmiRQzy/tjz174qTV2YZYCCZjyfdhlhGi3bxBze/YtehWlX+uIDDY/mz2lB4+U="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""New-Era-21"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",proyectoxman1.casacam[.]net,New-Era-21,DcRatMutex_qwqdanchun
9c843456235244f095b5e021ca82e4805cd94ac732ae8b7a35a021f18117637c,AFD tcOtc,10/7/2024,Remcos,"{""c2"": [""segurosbolivar24.con-ip[.]com:2006""], ""port"": [], ""campaign"": ""FRESA"", ""mutex"": ""mnhdgtdhjaukdjnsbhdioz-Z6YHMX"", ""non_standard"": {""c2_list"": ""segurosbolivar24.con-ip[.]com:2006:0\u001e"", ""botnet"": ""FRESA"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""mnhdgtdhjaukdjnsbhdioz-Z6YHMX"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""registros[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Capturas de pantalla"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""regis"", ""enable_watchdog_flag"": 0, ""license"": ""F273B648551AE369A1D767CB8954FBC7"", ""enable_screenshot_mouse_drawing_flag"": 0, 
""tls_raw_certificate"": """", ""tls_key"": """", ""tls_raw_peer_certificate"": """"}}",segurosbolivar24.con-ip[.]com:2006,FRESA,mnhdgtdhjaukdjnsbhdioz-Z6YHMX
9d96d963705e996e6618f11bc32894e0ce5bc1410db62f43ed79ea546e93d743,EXC tcOtc,10/8/2024,LummaStealer,"{""c2"": [""drawwyobstacw[.]sbs"", ""condifendteu[.]sbs"", ""ehticsprocw[.]sbs"", ""vennurviot[.]sbs"", ""resinedyw[.]sbs"", ""enlargkiw[.]sbs"", ""allocatinow[.]sbs"", ""mathcucom[.]sbs"", ""spikeduggli[.]buzz""], ""port"": [], ""campaign"": ""YT6gHy--"", ""mutex"": """", ""non_standard"": {}}","drawwyobstacw[.]sbs,condifendteu[.]sbs,ehticsprocw[.]sbs,vennurviot[.]sbs,resinedyw[.]sbs,enlargkiw[.]sbs,allocatinow[.]sbs,mathcucom[.]sbs,spikeduggli[.]buzz",YT6gHy--,
9e0258a3894bd522fe9e21b89074c24014605e9ffb767121180f3d75db12f8ef,,1/2/2024,Remcos,"{""c2"": [""127[.]0.0.1:2404""], ""port"": [], ""campaign"": ""RemoteHost"", ""mutex"": ""Rmc-52SPIJ"", ""non_standard"": {""c2_list"": ""127[.]0.0.1:2404:1\u001e"", ""botnet"": ""RemoteHost"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-52SPIJ"", ""keylogger_mode"": 0, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 2, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": """", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICECyq0dC6qQr+Hv2V9QM3uqcwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdrdLQy42Mpn3IIYRJ2M3+yF21CLyLrOnzJYt9pkS9tD25/19cz99/hh6XbCh/X6lkduGZSLQOrKNIRElI58SZTAKBggqhkjOPQQDAgNIADBFAiEAsNMXIJvWxp997X+wkfoZ+aNRQ/F+y4UKwth7Vn9PPnsCIEy6sU5zohMDu7YRBxvrBk12twTKU7msOfRjcZPv8XLQ"", ""tls_key"": ""MHcCAQEEIPh5Cln/kkGKIQHHvBEywdytsvdqHkePDPk5Ud/t9sAJoAoGCCqGSM49AwEHoUQDQgAEdrdLQy42Mpn3IIYRJ2M3+yF21CLyLrOnzJYt9pkS9tD25/19cz99/hh6XbCh/X6lkduGZSLQOrKNIRElI58SZQ=="", ""tls_raw_peer_certificate"": ""MIH+MIGmoAMCAQICEG3vLiwgsA2EwhiaFtqI9IQwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwP4wsetvUB9BVeB5KGkhFjJJoBjHvOcr3civBrd7vSVCfdzC45I1JUkFbE/V0Cvr3Srw9Govd0OBlmaqWZM0ZjAKBggqhkjOPQQDAgNHADBEAiA+k1x/mgOuo3xlHJ81zNOx/7FqyAa+NzPTyQQOJVWDcAIgNOovDbZqGlCN19pFZjYwqJecVDlCfKe+1zDwKfkvYmw=""}}",127[.]0.0.1:2404,RemoteHost,Rmc-52SPIJ
9ef95f67e220bb2c21e564af32614ba616871a79e96e0d50a441470f3605345b,DSE222peSpe,9/21/2024,Remcos,"{""c2"": [""jorgeperezpu145.con-ip[.]com:1661""], ""port"": [], ""campaign"": ""VUENDIA"", ""mutex"": ""Rmc-I897UU"", ""non_standard"": {""c2_list"": ""jorgeperezpu145.con-ip[.]com:1661:1\u001e"", ""botnet"": ""VUENDIA"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-I897UU"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""86CDB103BEE8F4F4E4BB432E59BB138D"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICEEXRPyHAU+i0XClFtLLozd0wCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgzAKBggqhkjOPQQDAgNIADBFAiBUcWvaxuUnpbxlhTmWEcnNtczlEXkRbUYoYCN+2VEZ1AIhALym5a5Ib2YXMN1rGi3FQzTjiXDMfTh6IufwChk8n/N9"", ""tls_key"": ""MHcCAQEEILUsPsd+8u6gorQ6vplb6DQet9vOAwT8PHYYn7RI4380oAoGCCqGSM49AwEHoUQDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgw=="", ""tls_raw_peer_certificate"": ""MIIBADCBpqADAgECAhA1EEVwbinJOEquCzdLDyBzMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBDpkDyifvMvFU5G4T3X4NPgXSbjGygT9OXvKUN63IttHTejMFBes+ICPd+lF2i9ExWAYDh5oBbrexLrzNGdz3swCgYIKoZIzj0EAwIDSQAwRgIhAPHte18FxAxdCBRRd8kvfkylLF5k+QOnpkoeqXwRtdOWAiEA00CVbIQ6r4v8EeB0rQ5nIFgk+SYWWjNa+B3sBZoNlzY=""}}",jorgeperezpu145.con-ip[.]com:1661,VUENDIA,Rmc-I897UU
9f529e7032cf9d504aff60de83a033584462d40bb50988b83702b1f63ec7ca07,Aug222guAgu,8/20/2024,Vidar,"{""c2"": [""hXXps://135[.]181.31.18""], ""port"": [], ""campaign"": ""99a9950fed7b1d95c81a34479cfbefe2"", ""mutex"": """", ""Strings"": [""INSERT_KEY_HERE"", ""GetProcAddress"", ""lstrcatA"", ""OpenEventA"", ""CloseHandle"", ""Sleep"", ""GetUserDefaultLangID"", ""VirtualAllocExNuma"", ""VirtualFree"", ""GetSystemInfo"", ""HeapAlloc"", ""GetComputerNameA"", ""lstrcpyA"", ""GetProcessHeap"", ""GetCurrentProcess"", ""lstrlenA"", ""ExitProcess"", ""GlobalMemoryStatusEx"", ""GetSystemTime"", ""SystemTimeToFileTime"", ""gdi32.dll"", ""user32.dll"", ""crypt32.dll"", ""ntdll.dll"", ""CreateDCA"", ""GetDeviceCaps"", ""ReleaseDC"", ""CryptStringToBinaryA"", ""sscanf"", ""NtQueryInformationProcess"", ""HAL9TH"", ""JohnDoe"", ""DISPLAY"", ""%hu/%hu/%hu"", ""GetEnvironmentVariableA"", ""GetFileAttributesA"", ""GlobalLock"", ""GlobalSize"", ""CreateToolhelp32Snapshot"", ""IsWow64Process"", ""Process32Next"", ""GetLocalTime"", ""GetTimeZoneInformation"", ""GetSystemPowerStatus"", ""GetVolumeInformationA"", ""Process32First"", ""GetLocaleInfoA"", ""GetUserDefaultLocaleName"", ""GetModuleFileNameA"", ""FindNextFileA"", ""SetEnvironmentVariableA"", ""LocalAlloc"", ""GetFileSizeEx"", ""SetFilePointer"", ""FindFirstFileA"", ""VirtualProtect"", ""GetLogicalProcessorInformationEx"", ""GetLastError"", ""MultiByteToWideChar"", ""GlobalFree"", ""WideCharToMultiByte"", ""TerminateProcess"", ""GetCurrentProcessId"", ""rstrtmgr.dll"", ""CreateCompatibleBitmap"", ""SelectObject"", ""BitBlt"", ""DeleteObject"", ""CreateCompatibleDC"", ""GdipGetImageEncodersSize"", ""GdipGetImageEncoders"", ""GdipCreateBitmapFromHBITMAP"", ""GdiplusStartup"", ""GdiplusShutdown"", ""GdipSaveImageToStream"", ""GdipDisposeImage"", ""GetHGlobalFromStream"", ""CreateStreamOnHGlobal"", ""CoUninitialize"", ""CoInitialize"", ""CoCreateInstance"", ""BCryptGenerateSymmetricKey"", ""BCryptCloseAlgorithmProvider"", 
""BCryptDecrypt"", ""BCryptSetProperty"", ""BCryptDestroyKey"", ""BCryptOpenAlgorithmProvider"", ""GetWindowRect"", ""GetDesktopWindow"", ""GetDC"", ""EnumDisplayDevicesA"", ""GetKeyboardLayoutList"", ""CharToOemW"", ""RegQueryValueExA"", ""RegEnumKeyExA"", ""RegOpenKeyExA"", ""RegEnumValueA"", ""CryptBinaryToStringA"", ""CryptUnprotectData"", ""SHGetFolderPathA"", ""InternetOpenUrlA"", ""InternetConnectA"", ""InternetCloseHandle"", ""InternetOpenA"", ""HttpSendRequestA"", ""HttpOpenRequestA"", ""InternetReadFile"", ""InternetCrackUrlA"", ""StrStrA"", ""PathMatchSpecA"", ""GetModuleFileNameExA"", ""RmStartSession"", ""RmRegisterResources"", ""RmEndSession"", ""sqlite3_open"", ""sqlite3_prepare_v2"", ""sqlite3_step"", ""sqlite3_column_text"", ""sqlite3_finalize"", ""sqlite3_close"", ""sqlite3_column_bytes"", ""sqlite3_column_blob"", ""encrypted_key"", ""PATH"", ""C:\\ProgramData\\nss3.dll"", ""NSS_Shutdown"", ""PK11_GetInternalKeySlot"", ""PK11_FreeSlot"", ""PK11_Authenticate"", ""PK11SDR_Decrypt"", ""C:\\ProgramData\\"", ""SELECT origin_url, username_value, password_value FROM logins"", ""Soft: "", ""Host: "", ""Login: "", ""Password: "", ""Opera"", ""OperaGX"", ""Network"", ""Cookies"", "".txt"", ""TRUE"", ""FALSE"", ""SELECT name, value FROM autofill"", ""History"", ""SELECT url FROM urls LIMIT 1000"", ""CC"", ""SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards"", ""Name: "", ""Month: "", ""Year: "", ""Card: "", ""Cookies"", ""Login Data"", ""History"", ""formSubmitURL"", ""usernameField"", ""encryptedUsername"", ""encryptedPassword"", ""guid"", ""SELECT host, isHttpOnly, path, isSecure, expiry, name, value FROM moz_cookies"", ""SELECT fieldname, value FROM moz_formhistory"", ""SELECT url FROM moz_places LIMIT 1000"", ""cookies[.]sqlite"", ""formhistory[.]sqlite"", ""places[.]sqlite"", ""Plugins"", ""Local Extension Settings"", ""Sync Extension Settings"", ""Opera Stable"", ""Opera GX Stable"", ""CURRENT"", 
""chrome-extension_"", ""_0.indexeddb[.]leveldb"", ""profiles[.]ini"", ""chrome"", ""opera"", ""firefox"", ""Wallets"", ""%08lX%04lX%lu"", ""SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"", ""x64"", ""%d/%d/%d %d:%d:%d"", ""HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0"", ""ProcessorNameString"", ""SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"", ""DisplayVersion"", ""msvcp140.dll"", ""softokn3.dll"", ""vcruntime140.dll"", ""\\Temp\\"", "".exe"", ""runas"", ""open"", ""%LOCALAPPDATA%"", ""%USERPROFILE%"", ""%PROGRAMFILES%"", ""%PROGRAMFILES_86%"", ""*.lnk"", ""Files"", ""\\Local Storage\\leveldb\\CURRENT"", ""\\Local Storage\\leveldb"", ""\\Telegram Desktop\\"", ""D877F783D5D3EF8C*"", ""map*"", ""A7FDF864FBC10B77*"", ""A92DAA6EA6F891F2*"", ""F8806DD0C461824F*"", ""Tox"", ""*.tox"", ""*.ini"", ""Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Office\\13.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Office\\14.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Office\u000e.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676\\"", ""\\Outlook\\accounts[.]txt"", ""Pidgin"", ""accounts[.]xml"", ""token: "", ""Software\\Valve\\Steam"", ""ssfn*"", ""config[.]vdf"", ""DialogConfig[.]vdf"", ""DialogConfigOverlay*.vdf"", ""libraryfolders[.]vdf"", ""loginusers[.]vdf"", ""\\Steam\\"", ""\\Discord\\tokens[.]txt"", ""/c timeout /t 5 & del /f /q \"""", ""\"" & del \""C:\\ProgramData\\*.dll\""\"" & exit"", ""C:\\Windows\\system32\\cmd.exe"", ""Content-Type: multipart/form-data; boundary=----"", ""Content-Disposition: form-data; name=\"""", ""build"", ""token"", ""message"", ""ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"", ""screenshot[.]jpg""], ""non_standard"": 
{""dead_drop"": [""hXXps://t[.]me/iyigunl"", ""hXXps://steamcommunity[.]com/profiles/76561199761128941""], ""version"": ""10.8""}}",hXXps://135[.]181.31.18,99a9950fed7b1d95c81a34479cfbefe2,
a2da8a89a8ecc2651f242c68c2e332a1391f4aa535fb1336123898d8cc6050dc,GGXGTGGCXTL,7/13/2024,Remcos,"{""c2"": [""127[.]0.0.1:2404""], ""port"": [], ""campaign"": ""RemoteHost"", ""mutex"": ""Rmc-52SPIJ"", ""non_standard"": {""c2_list"": ""127[.]0.0.1:2404:1\u001e"", ""botnet"": ""RemoteHost"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-52SPIJ"", ""keylogger_mode"": 0, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 2, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": """", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICECyq0dC6qQr+Hv2V9QM3uqcwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdrdLQy42Mpn3IIYRJ2M3+yF21CLyLrOnzJYt9pkS9tD25/19cz99/hh6XbCh/X6lkduGZSLQOrKNIRElI58SZTAKBggqhkjOPQQDAgNIADBFAiEAsNMXIJvWxp997X+wkfoZ+aNRQ/F+y4UKwth7Vn9PPnsCIEy6sU5zohMDu7YRBxvrBk12twTKU7msOfRjcZPv8XLQ"", ""tls_key"": ""MHcCAQEEIPh5Cln/kkGKIQHHvBEywdytsvdqHkePDPk5Ud/t9sAJoAoGCCqGSM49AwEHoUQDQgAEdrdLQy42Mpn3IIYRJ2M3+yF21CLyLrOnzJYt9pkS9tD25/19cz99/hh6XbCh/X6lkduGZSLQOrKNIRElI58SZQ=="", ""tls_raw_peer_certificate"": ""MIH+MIGmoAMCAQICEG3vLiwgsA2EwhiaFtqI9IQwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwP4wsetvUB9BVeB5KGkhFjJJoBjHvOcr3civBrd7vSVCfdzC45I1JUkFbE/V0Cvr3Srw9Govd0OBlmaqWZM0ZjAKBggqhkjOPQQDAgNHADBEAiA+k1x/mgOuo3xlHJ81zNOx/7FqyAa+NzPTyQQOJVWDcAIgNOovDbZqGlCN19pFZjYwqJecVDlCfKe+1zDwKfkvYmw=""}}",127[.]0.0.1:2404,RemoteHost,Rmc-52SPIJ
a306e433e72c97ac9016f9f260f882362d7dfa8735f86384ee70046304430e25,hoLME2tcOtc,10/21/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""mnnioudfd.duckdns[.]org""], ""port"": [""8010""], ""campaign"": ""OCTU21"", ""mutex"": ""DcRatMutex_qwqdanchun"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""Q2xlSVRMemRVV09oWUFkemtQVmExV2lIS2R6WWdMNHM="", ""MTX"": ""DcRatMutex_qwqdanchun"", ""Certifi_cate"": ""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"", ""Server_signa_ture"": ""crW3xchoa8p98IdgMs9fUj0WFsrGhGT/CLb6/07ZVQwengJBzYL9+VDfbmCmZF/LcaRhqdZ0TYGrGH0yoneBomLO0ZqBiYMs7sMUeGViY+ffTRDcK98lBvV74f9A7QJUKTML9XkbcjhAlWPrDJBdk/wjckPx0mLJRUFcUJJczQY="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""OCTU21"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",mnnioudfd.duckdns[.]org,OCTU21,DcRatMutex_qwqdanchun
a3a4b56daac71b1ce0b62f548c200323e603555438c7fb1452268bca37c8e94f,Sep222peSpe,9/25/2024,Remcos,"{""c2"": [""nwemarkets[.]com:9774""], ""port"": [], ""campaign"": ""RemoteHost"", ""mutex"": ""Rmc-WREC50"", ""non_standard"": {""c2_list"": ""nwemarkets[.]com:9774:1\u001e"", ""botnet"": ""RemoteHost"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-WREC50"", ""keylogger_mode"": 0, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""A3F6C84D59CCA3BF307367052516F5AB"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICEGJqf96Pr3a+e6ul4bBsZhcwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHmxAg5NrcTZp32pnkW7d+EcAovekXEaevKy4N+VVf1nEUZ8LhoxFHWj7S9uFXC+QTG0px/sdpMdnG8bajhVzpjAKBggqhkjOPQQDAgNIADBFAiEAuKwnnqUNBS6eCdiRr8V/t5qdC+jSMFv2r60Ben+/svkCIC81I759Eg0Vm9NT0eP5+koB9sABzZFyT0DZ+XAWqAYi"", ""tls_key"": ""MHcCAQEEID/jaTUdf6+wSeZd5ojbr0uHgPsqDMAp8flH2leKwbE8oAoGCCqGSM49AwEHoUQDQgAEHmxAg5NrcTZp32pnkW7d+EcAovekXEaevKy4N+VVf1nEUZ8LhoxFHWj7S9uFXC+QTG0px/sdpMdnG8bajhVzpg=="", ""tls_raw_peer_certificate"": ""MIIBADCBpqADAgECAhB16TfaQObPlwZuRbneF89+MAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABH5wt/yIPFanDXruFHtjolixNMTei2Go8xqEFqP16m4PMxtWuoUsI7roAj8L6bL0TXIhTosHqJrfDe0eCLT7OjAwCgYIKoZIzj0EAwIDSQAwRgIhAM+elwEkZiNrrYXSOkkn8N2PK9Gtkuk+ibQJGI9JAAd/AiEAjhcFPT6OVJnEa1mLh1MVx/BW7hc3u3z0Ywq80+bO7R0=""}}",nwemarkets[.]com:9774,RemoteHost,Rmc-WREC50
a3d2ef71d5d8a5f7b1e489f15836d7f4bafcfcdccad2d9dfbfa14fb34e65fd17,asrfde,1/6/2024,HeartCrypt Developer Test Sample,NONE,,,
a555018ed03a0b191f64f625b75cebd9f62c194c7b1c1a66b91266f2f1c1b6c4,dGGxS1tcOtc,10/19/2024,Vidar,"{""c2"": [""hXXps://95[.]217.220.103"", ""hXXps://116[.]203.153.40"", ""hXXp://107[.]191.36.218:80""], ""port"": [], ""campaign"": """", ""mutex"": """", ""Strings"": [], ""non_standard"": {""dead_drop"": [""hXXps://steamcommunity[.]com/profiles/76561199786602107"", ""hXXps://t[.]me/lpnjoke"", ""hXXps://t[.]me/fun88rockskek""]}}","hXXps://95[.]217.220.103,hXXps://116[.]203.153.40,hXXp://107[.]191.36.218:80",,
a5a396bad1ea1b656780b72200bb7ec8fec12cb0694be2b8943ac40e138cf09a,EFF tcOtc,10/1/2024,Remcos,"{""c2"": [""vcvfdjvodsuhvf.con-ip[.]com:1661""], ""port"": [], ""campaign"": ""XIOAMORT"", ""mutex"": ""Rmc-ALVZO2"", ""non_standard"": {""c2_list"": ""vcvfdjvodsuhvf.con-ip[.]com:1661:1\u001e"", ""botnet"": ""XIOAMORT"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-ALVZO2"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""86CDB103BEE8F4F4E4BB432E59BB138D"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICEEXRPyHAU+i0XClFtLLozd0wCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgzAKBggqhkjOPQQDAgNIADBFAiBUcWvaxuUnpbxlhTmWEcnNtczlEXkRbUYoYCN+2VEZ1AIhALym5a5Ib2YXMN1rGi3FQzTjiXDMfTh6IufwChk8n/N9"", ""tls_key"": ""MHcCAQEEILUsPsd+8u6gorQ6vplb6DQet9vOAwT8PHYYn7RI4380oAoGCCqGSM49AwEHoUQDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgw=="", ""tls_raw_peer_certificate"": ""MIIBADCBpqADAgECAhA1EEVwbinJOEquCzdLDyBzMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBDpkDyifvMvFU5G4T3X4NPgXSbjGygT9OXvKUN63IttHTejMFBes+ICPd+lF2i9ExWAYDh5oBbrexLrzNGdz3swCgYIKoZIzj0EAwIDSQAwRgIhAPHte18FxAxdCBRRd8kvfkylLF5k+QOnpkoeqXwRtdOWAiEA00CVbIQ6r4v8EeB0rQ5nIFgk+SYWWjNa+B3sBZoNlzY=""}}",vcvfdjvodsuhvf.con-ip[.]com:1661,XIOAMORT,Rmc-ALVZO2
a71beab2c962f82db197b85a490c8f7ab82d8bb1a861b85f95635cca10223fcc,MENOLOVECROWDSTRIKE,5/28/2024,Rhadamanthys,NONE,,,
a9aa8684fd492083ee04b150344411dea5d3560e87d4dafe7cca03889789689f,OopPS1tcOtc,10/18/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""esteeselprpio.duckdns[.]org""], ""port"": [""2239""], ""campaign"": ""18 OCTUBRE"", ""mutex"": ""estees"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""dFdFNGtaVXZIM2pKaE9QdFg2bGtOMDlYV0cwMThtRVY="", ""MTX"": ""estees"", ""Certifi_cate"": ""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"", ""Server_signa_ture"": ""RYIIEtUh5MLAoEILlMH52YqkXVhihXoOVW95q+xKD5ZaI1kkiCopMlY6MPs5YMRGL3YLIhUQIMV4wIOBkAKJEluyLjcji5roiQPAoNSgq7/azyOse1sSXgtIEdDMsY7/hIpYZwGy2ak4PbFBD0tVxNi2kQtsBZ3gZ1oW2GCLfos="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""18 OCTUBRE"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",esteeselprpio.duckdns[.]org,18 OCTUBRE,estees
aa8e104dcdc6c58d726bd32d3ac32b3eae96ae2ffa591d9c9303f57f3d046e35,ANDREYISNOTHAPPEITE,9/12/2024,LummaStealer,"{""c2"": [""caffegclasiqwp[.]shop"", ""stamppreewntnq[.]shop"", ""stagedchheiqwo[.]shop"", ""millyscroqwp[.]shop"", ""evoliutwoqm[.]shop"", ""condedqpwqm[.]shop"", ""traineiwnqo[.]shop"", ""locatedblsoqp[.]shop"", ""obstacleosdsapq[.]shop""], ""port"": [], ""campaign"": ""JangOo--"", ""mutex"": """", ""non_standard"": {}}","caffegclasiqwp[.]shop,stamppreewntnq[.]shop,stagedchheiqwo[.]shop,millyscroqwp[.]shop,evoliutwoqm[.]shop,condedqpwqm[.]shop,traineiwnqo[.]shop,locatedblsoqp[.]shop,obstacleosdsapq[.]shop",JangOo--,
aab1bf3a2a549c076a55b67c11c3af04813380b87c1a2d45cdddf52d25c15bd5,LStAFAGTUEACCCb,10/8/2024,HeartCrypt (Nested Payload),NONE,,,
abcdcdd4493167cbb3ba78c04424355d069c930b4f56a3386af8e9b45c40ed16,CFgFEFSATTPFFEA,10/7/2024,XWorm,"{""c2"": [""91[.]151.89.158""], ""port"": [""7000""], ""campaign"": """", ""mutex"": ""Q8pdIOfxBj8P3o2d"", ""non_standard"": {""XKgpGxqlf34qUdRXCFNbLDn2fL7jberIB2QZdvoQFVfR0TUw1mXtLAAEU3VMn0b5R87YLapHPm8vS72ncOqU6WXok4"": ""<123456789>"", ""eGzUzLHOndPz7z3aLvrzRABlCLg1rviwxRYl951TAXRMCeB8QTIxRzK0lhrVZNshhYPTJHVzheMNKWvyLiPQ4i5lbn"": ""<Xwormmm>"", ""DnUVQoM2JsVkOsgrStgSy9OlBRBpps6ryRW4Ti5ZnyPjwM5go44arrMS9ol7tqluRRwDVz56KfveflNpFdJLVAed1z"": ""3"", ""ifTF1HTDOXU08ngGIieEiZy0jIsTQfAYagFviBlXSpr3EZtf8QnDHYyaDY3aT29cU65WADxJlxjYMcKeIOjqxDSItP"": ""XWorm V5.6"", ""BCwYtaU6jy7bJKQ7UG8v8LcHxnAhFhMsRxdzJPA4qDELCIHIn9rxVV6JyDBi4h12DJfeu8MrIeTYN5MDik6xLDXbPL"": ""USB.exe"", ""JjyjmRPG8sgmB05ej490iZacVZ4oLKyjn6qZhN6uKSEFMoQzQhbmyvrb7SgzCEDGIupM5ZDdnnNyRNowS37x2DtTBX"": ""%LocalAppData%"", ""vqtjusAw6dIW2y14OyctnEDHJDReRMoO6Ek83tLIM2JJz7Pf6LTaqegGGdpfQnm3ODoWpMTS742KzXD9I6ELxUl4TZ"": ""schost.exe"", ""mutex"": ""Q8pdIOfxBj8P3o2d""}}",91[.]151.89.158,,Q8pdIOfxBj8P3o2d
acbb983043b2caf0a96657216843a985a11622ce7480c3e508c7c86f5bbf5f3c,fGOoE3tcOtc,11/1/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""octubre212024.giize[.]com"", ""fuertefuerte.accesscam[.]org"", ""octubre242024.casacam[.]net"", ""castanojulian1111.chickenkiller[.]com"", ""uego.con-ip[.]com""], ""port"": [""2525""], ""campaign"": ""FUEGOOO"", ""mutex"": ""DcRatMutex_qwqdanchun"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""aFpyVXZrakYwMkk3TGh5SE1oaEpweXJZTU9GSEROR2s="", ""MTX"": ""DcRatMutex_qwqdanchun"", ""Certifi_cate"": ""MIICMDCCAZmgAwIBAgIVAIGBz6Y+7gj2nikjFjRUrU+W1e6pMA0GCSqGSIb3DQEBDQUAMGQxFTATBgNVBAMMDERjUmF0IFNlcnZlcjETMBEGA1UECwwKcXdxZGFuY2h1bjEcMBoGA1UECgwTRGNSYXQgQnkgcXdxZGFuY2h1bjELMAkGA1UEBwwCU0gxCzAJBgNVBAYTAkNOMB4XDTIzMTIwMTE4NTMxOVoXDTM0MDkwOTE4NTMxOVowEDEOMAwGA1UEAwwFRGNSYXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ7RkCU5e5ZZGOVZ75AKjw+32BE4r7Gh+NDIHidnET15r/o8cPJFvS5gpG4+iibf2Z0nRFnEuoTMJw07xCT/SG57sbHxxQWqLy+MzOO9Ja6xoYoZtHX2eKqlB8q/A+zgAA/ncmt7XysT58Qj/RJ8VVdvTNW2XqUpu67cC4U/VowjAgMBAAGjMjAwMB0GA1UdDgQWBBQGF84dbwRGs8dcAxJjYPEQ0vFz8DAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4GBAGElFBgck3Tl9JJ+akExL1Hf05KnfjNQqJh1Pb+sJI9mnuysEVbl9VfAwBmKCdvydwyWbc7opnIfL95l3s1WxqDM2iMqdHvKJAAqrdKbS+41ISGFkJYIApAxxE8iY2y0Nc9h4uS4wQ7EA95s0iYS3FU6a3fTiuBtdWqpIkSmIB3N"", ""Server_signa_ture"": ""XrHJVvIH/4J7ONa6W2ef963fh/xpkJmf2BwuNNjZhPnFS5g+so5Ub7s9W31i3seudSgvLEDKVz9PSKHQzlz6T/Gph4eWZaQaMxz5mHrHFWL365cUkq2UP3tah5FI5Gy8IIHqql5PAoz4NeW5DccmOlogbp9wu5kyXucKNzXT9Ws="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""FUEGOOO"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}","octubre212024.giize[.]com,fuertefuerte.accesscam[.]org,octubre242024.casacam[.]net,castanojulian1111.chickenkiller[.]com,uego.con-ip[.]com",FUEGOOO,DcRatMutex_qwqdanchun
ad29812f5ff0e101c8ca1a48a8a0194d7a032e8b890374fc0041b4ae2a1e9a21,nEdxC2tcOtc,10/29/2024,Remcos,"{""c2"": [""consolidado23.linkpc[.]net:3019""], ""port"": [], ""campaign"": ""ROJO"", ""mutex"": ""mjnfhhskkwuyehnsdjjsksws-839B4N"", ""non_standard"": {""c2_list"": ""consolidado23.linkpc[.]net:3019:0\u001e"", ""botnet"": ""ROJO"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""500000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""mjnfhhskkwuyehnsdjjsksws-839B4N"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""registros[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Capturas de pantalla"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 1, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""datos"", ""enable_watchdog_flag"": 0, ""license"": ""B6C491A32A67ABEAF5119B1E1658CBF5"", ""enable_screenshot_mouse_drawing_flag"": 0, 
""tls_raw_certificate"": """", ""tls_key"": """", ""tls_raw_peer_certificate"": """"}}",consolidado23.linkpc[.]net:3019,ROJO,mjnfhhskkwuyehnsdjjsksws-839B4N
ad74615b5d256862ab5a39e0f2de098697720477f131c9d23e0feb84eb5fd2cf,ACXNTGGCXTL,6/29/2024,RedlineStealer,"{""c2"": [""45[.]77.166.78:44506""], ""port"": [], ""campaign"": ""2806"", ""mutex"": """", ""non_standard"": {""ID"": ""2806"", ""Message"": """", ""Key"": ""Unsafer"", ""Version"": ""1""}}",45[.]77.166.78:44506,2806,
ae531e01c4b447d0c359f1f560e1385ca9eaf0f8b9e2e401e460138d3862b693,ANDREYISNOTHAPPEITE,9/14/2024,Rhadamanthys,NONE,,,
ae8af3e049e812d26f5001815de7cf20d74c21fcb013b7b1ea7bac95ea0c71d4,hoLME2tcOtc,10/21/2024,HeartCrypt (Nested Payload),NONE,,,
af5d3982301079392cdbc9a49380bee3263bf4d2880764663b1ee5282fe1f268,MTGNSGNADS,4/29/2024,PureCrypt Loader,NONE,,,
b0507186720c3648901c7d0fdb6e6a2c49d26e337de269e297a218405972db87,MTGNSGNADS,5/15/2024,PureCrypt Loader,NONE,,,
b18834f77db73c92a2b1eac771b7c61b37e2f76d6145cdafbfd340a4db085961,dd,1/8/2024,HeartCrypt Developer Test Sample,NONE,,,
b1a7d59539e789763e967266520191c1c5e76671d3955caf69eb8491952b14d9,dGGxS1tcOtc,10/20/2024,Rhadamanthys,NONE,,,
b2a4a9e9cd0fbce0d8bb0e6d7bd34aacca346ad20e0835064366a557bba2e20b,MTGNSGNADS,6/28/2024,RedlineStealer,"{""c2"": [""5[.]161.190.139:8732""], ""port"": [], ""campaign"": ""X"", ""mutex"": """", ""non_standard"": {""ID"": ""X"", ""Message"": """", ""Key"": ""Inrushes"", ""Version"": ""1""}}",5[.]161.190.139:8732,X,
b3c82c1dbbcdf802412c2ff189b8116324aaa10605be260c648ccc641e69a181,MENOLOVECROWDSTRIKE,5/15/2024,ACRStealer,NONE,,,
b42cdcccb051d01c545545fd81495973fdd758c7d5b7faa5d7dd3fa98f31c173,bbbbb5,1/11/2024,HeartCrypt Developer Test Sample,NONE,,,
b51ebd58f411ad5fa6724005ab27bb23b4c4d7c15d4d54e066fd55055ef87a9f,5dsadas435235bgdsgdfbvb3253453425345gfdsgfdgdf,2/27/2024,XWorm,"{""c2"": [""127[.]0.0.1"", ""192[.]153.57.101""], ""port"": [""7000""], ""campaign"": """", ""mutex"": ""xhVr0Rye27FlpWWl"", ""non_standard"": {""KEY"": ""<123456789>"", ""SPL"": ""<Xwormmm>"", ""Sleep"": ""3"", ""Groub"": ""XWorm V5.0"", ""USBNM"": ""USB.exe"", ""InstallDir"": ""%LocalAppData%"", ""InstallStr"": ""svchost.exe"", ""mutex"": ""xhVr0Rye27FlpWWl""}}","127[.]0.0.1,192[.]153.57.101",,xhVr0Rye27FlpWWl
b55b384d5879073363a91c85a9b723cc98f6281c46087ccc41a94f77940c81fd,OiuDa3tcOtc,11/3/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""word8328.duckdns[.]org""], ""port"": [""8328""], ""campaign"": ""ZZZ-oct-31"", ""mutex"": ""DcRatMutex_qwqdanchun"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""SVFjdjFvY0xTZ0NUUVpNTFp0SXJ0V090dVVPWDVPSGo="", ""MTX"": ""DcRatMutex_qwqdanchun"", ""Certifi_cate"": ""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"", ""Server_signa_ture"": ""czHNNutVfd5y0q13T91EqOdipBIY2aKFIkyhh1BzLopZR5Jmk+2Nw3daWxQIdHYujEiNaxwmhdlwT+GZUc5TADp3tVt+osq2/6dnG56zfjSnQxgxf44d8WzfEWluyzZ+CCq8h/7dT3/z0NNxNf2J2N+VBzQPwM9qOBF1km2u8H4="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""ZZZ-oct-31"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",word8328.duckdns[.]org,ZZZ-oct-31,DcRatMutex_qwqdanchun
b59c2e678091c29d38b16d7558f6d06bb0f7b926d3aee1c38582dbfb78edd97a,gasgff34534c,4/1/2024,LummaStealer,"{""c2"": [""associationokeo[.]shop"", ""turkeyunlikelyofw[.]shop"", ""pooreveningfuseor[.]pw"", ""edurestunningcrackyow[.]fun"", ""detectordiscusser[.]shop"", ""relevantvoicelesskw[.]shop"", ""colorfulequalugliess[.]shop"", ""wisemassiveharmonious[.]shop"", ""peanutclutchlowwow[.]shop""], ""port"": [], ""campaign"": ""EST612--Unik"", ""mutex"": """", ""non_standard"": {}}","associationokeo[.]shop,turkeyunlikelyofw[.]shop,pooreveningfuseor[.]pw,edurestunningcrackyow[.]fun,detectordiscusser[.]shop,relevantvoicelesskw[.]shop,colorfulequalugliess[.]shop,wisemassiveharmonious[.]shop,peanutclutchlowwow[.]shop",EST612--Unik,
b60f40dba25031b65c2ee81748340738b7607179792b0f0ab2c383b822f4bffa,EFF tcOtc,11/3/2024,Rhadamanthys,NONE,,,
b61015f0bd80498627928ee270e0a0e604b52998ff943254072241748c708c39,ALX tcOtc,10/9/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""pt4040.4cloud[.]click""], ""port"": [""4004""], ""campaign"": ""ZUMBA-NEW_NEW"", ""mutex"": ""DcRatMutex_qwqdanchun"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""S3p5eHlET1BZN3A1RzJGOTJPYmE2YXFNWFlWVFhlRTg="", ""MTX"": ""DcRatMutex_qwqdanchun"", ""Certifi_cate"": ""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"", ""Server_signa_ture"": ""IbvvGs2ariJghonKRtB7B3gDQz1T75amTHMpJc6rbgqW7fhmqempc5Hbhm1y9gQVSxBqsmoaMHT6wRb5wuqPUSe7til9czmViZ8mCkrnFNB8ivwbQSdiOMhkBs9lvSxbLDnUIKzMJdZmoSO+xpK6ifDjcM0Flsma/hflX6yVE5M="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""ZUMBA-NEW_NEW"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",pt4040.4cloud[.]click,ZUMBA-NEW_NEW,DcRatMutex_qwqdanchun
b66667a5aa484226944052ab945d3dc99a7a67dfb5a2942dc9d84371ce752438,Aug 11guAgu,8/16/2024,Remcos,"{""c2"": [""agosto14.con-ip[.]com:7773"", ""agosto14.con-ip[.]com:7774""], ""port"": [], ""campaign"": ""GOLGOL"", ""mutex"": ""Rmc-12I275"", ""non_standard"": {""c2_list"": ""agosto14.con-ip[.]com:7773:1\u001eagosto14.con-ip[.]com:7774:1\u001e"", ""botnet"": ""GOLGOL"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-12I275"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""5362EE03FAA36CB4DF3995B084785A49"", ""enable_screenshot_mouse_drawing_flag"": 0, 
""tls_raw_certificate"": ""MIH/MIGmoAMCAQICEEXRPyHAU+i0XClFtLLozd0wCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgzAKBggqhkjOPQQDAgNIADBFAiBUcWvaxuUnpbxlhTmWEcnNtczlEXkRbUYoYCN+2VEZ1AIhALym5a5Ib2YXMN1rGi3FQzTjiXDMfTh6IufwChk8n/N9"", ""tls_key"": ""MHcCAQEEILUsPsd+8u6gorQ6vplb6DQet9vOAwT8PHYYn7RI4380oAoGCCqGSM49AwEHoUQDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgw=="", ""tls_raw_peer_certificate"": ""MIIBADCBpqADAgECAhA1EEVwbinJOEquCzdLDyBzMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBDpkDyifvMvFU5G4T3X4NPgXSbjGygT9OXvKUN63IttHTejMFBes+ICPd+lF2i9ExWAYDh5oBbrexLrzNGdz3swCgYIKoZIzj0EAwIDSQAwRgIhAPHte18FxAxdCBRRd8kvfkylLF5k+QOnpkoeqXwRtdOWAiEA00CVbIQ6r4v8EeB0rQ5nIFgk+SYWWjNa+B3sBZoNlzY=""}}","agosto14.con-ip[.]com:7773,agosto14.con-ip[.]com:7774",GOLGOL,Rmc-12I275
b7dc735524a606b0ee3ccab89eb43be79329dc994026501a3f5ae809597f3f45,ACXNTGGCXTL,9/23/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""dashboard.dynuddns[.]com""], ""port"": [""22077""], ""campaign"": ""11-Julio"", ""mutex"": ""DcRatMutex_qwqdanchun"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""TzRRSkpJSTVRMDNNVURuRFNiOGlmNEd6dWY2V0lFbDQ="", ""MTX"": ""DcRatMutex_qwqdanchun"", ""Certifi_cate"": ""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"", ""Server_signa_ture"": ""alF0+CN8wP9KudFSH7l4wyh6o/TDy0EStssHTf9+ey4u7ZckPSGdMigYrrE9bf6MzCjK1Zl5jzssTdoQ6mfZa6k2YdnTUSVksfOSiDv+l7O+KY/yc5+JENFhBDGc96l0LiMcNYSoN0tj6zjcNoDv+81wQ4C/TxS7ENBalP8ympY="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""11-Julio"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",dashboard.dynuddns[.]com,11-Julio,DcRatMutex_qwqdanchun
b939904d34dee658462a3963eab58ea198b07f42fad912b8c73f53fc2f7de559,GGGSADEFFTL,7/28/2024,Rhadamanthys,NONE,,,
b992553008a95ff9feefbfb4522b54569e8b1d0f035a0f06e87e9b4d2f4cf120,oEODf2tcOtc,10/29/2024,Remcos,"{""c2"": [""octubre2424.run[.]place:3019""], ""port"": [], ""campaign"": ""MANGO"", ""mutex"": ""kijdujsnjskaliejahndmdkis-Y20KAJ"", ""non_standard"": {""c2_list"": ""octubre2424.run[.]place:3019:0\u001e"", ""botnet"": ""MANGO"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""500000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""kijdujsnjskaliejahndmdkis-Y20KAJ"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""registros[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Capturas de pantalla"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 1, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""datos"", ""enable_watchdog_flag"": 0, ""license"": ""B6C491A32A67ABEAF5119B1E1658CBF5"", ""enable_screenshot_mouse_drawing_flag"": 0, 
""tls_raw_certificate"": """", ""tls_key"": """", ""tls_raw_peer_certificate"": """"}}",octubre2424.run[.]place:3019,MANGO,kijdujsnjskaliejahndmdkis-Y20KAJ
b9c4d2230791ed768840805975a2513ac67ef59e05af75a85230b467afc377d3,Sep peSpe,9/1/2024,LummaStealer,"{""c2"": [""caffegclasiqwp[.]shop"", ""stamppreewntnq[.]shop"", ""stagedchheiqwo[.]shop"", ""millyscroqwp[.]shop"", ""evoliutwoqm[.]shop"", ""condedqpwqm[.]shop"", ""traineiwnqo[.]shop"", ""locatedblsoqp[.]shop"", ""applieddyooqnz[.]shop""], ""port"": [], ""campaign"": ""YT6gHy--"", ""mutex"": """", ""non_standard"": {}}","caffegclasiqwp[.]shop,stamppreewntnq[.]shop,stagedchheiqwo[.]shop,millyscroqwp[.]shop,evoliutwoqm[.]shop,condedqpwqm[.]shop,traineiwnqo[.]shop,locatedblsoqp[.]shop,applieddyooqnz[.]shop",YT6gHy--,
ba23ee91a54d3da0e2142a90def9ea6ead953621fdbb2c9a568ab68247993b90,btaappointi49893bu9fdkfdsa9fdsfdasfj29384023423kjldfsfds,3/21/2024,Remcos,NONE,,,
ba4e57be7998467a7fb5471ea6e6d5ee9d6233de96bf2699efe9e8c45b21b039,NACSKKETTAF,7/26/2024,Rhadamanthys,NONE,,,
bb37d80cb884d9499e52e498fdc6e234e0cc972ab16cb5e5859287a02f6e01c5,bbbbb5,1/16/2024,HeartCrypt Developer Test Sample,NONE,,,
bd25e7c40ce4856973e988f5e86804ad945191ecce1c095b3ac354101870e5e5,Aug222guAgu,11/1/2024,XWorm,"{""c2"": [""xwrmsistem.duckdns[.]org""], ""port"": [""7000""], ""campaign"": """", ""mutex"": ""3wMQuoPMT069qkfP"", ""non_standard"": {""KEY"": ""<123456789>"", ""SPL"": ""<Xwormmm>"", ""Sleep"": ""3"", ""Groub"": ""ENVIO"", ""USBNM"": ""USB.exe"", ""mutex"": ""3wMQuoPMT069qkfP""}}",xwrmsistem.duckdns[.]org,,3wMQuoPMT069qkfP
be1bd8d34829f7087209c8ef55d3f8c87a048519e859a89bc92de6f9680aff0d,Sep peSpe,10/6/2024,Remcos,"{""c2"": [""rcmpx.duckdns[.]org:57870""], ""port"": [], ""campaign"": ""RemoteHost"", ""mutex"": ""Rmc$urG9345JRjuDjdGoH-CQ6FPI"", ""non_standard"": {""c2_list"": ""rcmpx.duckdns[.]org:57870:1\u001e"", ""botnet"": ""RemoteHost"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 0, ""enable_hklm_run_persistence_flag"": 0, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 4, ""install_filename"": ""Google.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc$urG9345JRjuDjdGoH-CQ6FPI"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Google"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""97DE0F3158A4CD79332A65946AD1FA0F"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH+MIGmoAMCAQICEBrV8/JBAUcef6WvFe+KE+UwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+Mr4NMT6XU24cXz8lxN2nv6/SOP2MjzhcxVOeJnI/rLHRR411y2UxO/OqtE6UbRKIkxSdwLE22A5Lzt2rPHWsjAKBggqhkjOPQQDAgNHADBEAiAoKzrFLs1UZUbsS70JFkhB5f/UWWICmZpZgGJvulkgIwIgdgBm1hdlcU4HcGhbWYLoO4Zb1ZYulRbRTUBAy5m1oz0="", ""tls_key"": ""MHcCAQEEIPO3EbPLWrE4KTUgC0hVTmYv81ta+gobZEIVeovTICqNoAoGCCqGSM49AwEHoUQDQgAE+Mr4NMT6XU24cXz8lxN2nv6/SOP2MjzhcxVOeJnI/rLHRR411y2UxO/OqtE6UbRKIkxSdwLE22A5Lzt2rPHWsg=="", ""tls_raw_peer_certificate"": ""MIIBADCBpqADAgECAhAlqlmVlcWXps64cVI6AGyjMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABG7G+gAoruQoa0HzGDb0oB+X6Uo917kA1XmMeUScg8ePvfXZQaLX3dhqiBZ1rstBYU7pVf9KbsHZjl7UWQBtiCYwCgYIKoZIzj0EAwIDSQAwRgIhAKsxTSIgujFfVceXSrMwZsCjdrBnCBVrqLsPjpsnJiFnAiEA29paMoT7xc/Ag+Ui45ZHwqqo2i0p6vstdOmRTSpaiuY=""}}",rcmpx.duckdns[.]org:57870,RemoteHost,Rmc$urG9345JRjuDjdGoH-CQ6FPI
bf8b480cdeeac23e87309d65c95d6528607011796a9b3ad48c4ae29325dd2c93,MTGNSGNADS,5/3/2024,Unknown .NET Loader,NONE,,,
bfa0cd295ca0f66b7a1a1d30b7e9923d8de1bd2191dfe73b16b7a31d6e737165,GGGSADEFFTL,7/27/2024,RedlineStealer,"{""c2"": [""45[.]77.166.78:44506""], ""port"": [], ""campaign"": ""CENTER X"", ""mutex"": """", ""non_standard"": {""ID"": ""CENTER X"", ""Message"": """", ""Key"": ""Civilities"", ""Version"": ""1""}}",45[.]77.166.78:44506,CENTER X,
c04095e017a0f3911c40181c5175e5f50f5aff5e3ece9287a4df7a699599db6c,Sep111peSpe,9/17/2024,AstolfoLoader,NONE,,,
c0ed712baa4ff2bcdb8df1f7d52328bc10c629f0ee6d314d816cf6bd4ed59350,EFF tcOtc,10/11/2024,Remcos,"{""c2"": [""hotsdefender.webredirect[.]org:2404""], ""port"": [], ""campaign"": ""OCTUBRE2024"", ""mutex"": ""57ZPeqKvi06SF5XBomCwwA-XVOROR"", ""non_standard"": {""c2_list"": ""hotsdefender.webredirect[.]org:2404:1\u001e"", ""botnet"": ""OCTUBRE2024"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 0, ""keylogger_maximum_file_size"": 0, ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 6, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""57ZPeqKvi06SF5XBomCwwA-XVOROR"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 6, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 1, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": ""wikipedia;solitaire;\u0000"", ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 6, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""remcos"", ""keylogger_root_directory"": ""Key"", ""enable_watchdog_flag"": 0, ""license"": ""3C951C47054DAE7D8CF6D7734BB18D5F"", ""enable_screenshot_mouse_drawing_flag"": 
0, ""tls_raw_certificate"": ""MIH+MIGmoAMCAQICEFp92iJiPhEEPva3zkq7V1wwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEQ1lB6RdgMUpyIsi/CFS2jX1y6yYSpTzgEpXPSRk7aDvJwTRzASTXsH3ULYdcW+YuUFQ758TKbAPCea/bTYsJtzAKBggqhkjOPQQDAgNHADBEAiBBVEl+WnDf/esg2dHUMlAGBcFl+T3j9vHhgLLCkAenRQIgauA/VaZZyXBVnWVrGndS8K/xVoxOQM7TiXan6lcCxwg="", ""tls_key"": ""MHcCAQEEID5CotplF8WyIemC4zXHPvK9PaORMs/F476Ll93fzRLeoAoGCCqGSM49AwEHoUQDQgAEQ1lB6RdgMUpyIsi/CFS2jX1y6yYSpTzgEpXPSRk7aDvJwTRzASTXsH3ULYdcW+YuUFQ758TKbAPCea/bTYsJtw=="", ""tls_raw_peer_certificate"": ""MIIBADCBpqADAgECAhAMvnYbcvM06q3JURMYZz4MMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABMeF2p/dKUXneA5X0oMep813Lb/u3sceFdZQnVUYTdWDFxwGyPmrprvb0wfTd6BXXF0vOkEq4C0zqR+pLUhZ8oAwCgYIKoZIzj0EAwIDSQAwRgIhAKTU+Jpc5EdMZYSbJFtsupqnRQkWdmoFdpWbPkfcvUdOAiEA2PSEUPnrQtnBz+DW2oUS4TV4a7stRYfXLV5iJPgika8=""}}",hotsdefender.webredirect[.]org:2404,OCTUBRE2024,57ZPeqKvi06SF5XBomCwwA-XVOROR
c1669b870d0530d4d74f1f5afe58b2954670be9c1f047558f0d0d24809bbf0a7,,3/12/2024,Vidar,NONE,,,
c1bafafaa114d62fc3140b1147dd5e5afc6b003581810306ce9e15621f2bd7eb,5dsadas435235bgdsgdfbvb3253453425345gfdsgfdgdf,3/13/2024,PureCrypt Loader,NONE,,,
c2337180084757ac67238cea6bb477ec84210742355d4a02bec52a7fbf3d8511,dGGxS1tcOtc,10/20/2024,HeartCrypt (Nested Payload),NONE,,,
c3d4945052a644bbf7ce41cbb910d2510c85cdee783922441ce0aa627eb7c233,DAEXo1tcOtc,10/17/2024,Remcos,"{""c2"": [""carracalbarmen.con-ip[.]com:1991""], ""port"": [], ""campaign"": ""AMUNDI"", ""mutex"": ""Rmc-ZW6D0U"", ""non_standard"": {""c2_list"": ""carracalbarmen.con-ip[.]com:1991:1\u001e"", ""botnet"": ""AMUNDI"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-ZW6D0U"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""52FAB4ABA90AF6988E653D18FACD533A"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICEEXRPyHAU+i0XClFtLLozd0wCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgzAKBggqhkjOPQQDAgNIADBFAiBUcWvaxuUnpbxlhTmWEcnNtczlEXkRbUYoYCN+2VEZ1AIhALym5a5Ib2YXMN1rGi3FQzTjiXDMfTh6IufwChk8n/N9"", ""tls_key"": ""MHcCAQEEILUsPsd+8u6gorQ6vplb6DQet9vOAwT8PHYYn7RI4380oAoGCCqGSM49AwEHoUQDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgw=="", ""tls_raw_peer_certificate"": ""MIIBADCBpqADAgECAhA1EEVwbinJOEquCzdLDyBzMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBDpkDyifvMvFU5G4T3X4NPgXSbjGygT9OXvKUN63IttHTejMFBes+ICPd+lF2i9ExWAYDh5oBbrexLrzNGdz3swCgYIKoZIzj0EAwIDSQAwRgIhAPHte18FxAxdCBRRd8kvfkylLF5k+QOnpkoeqXwRtdOWAiEA00CVbIQ6r4v8EeB0rQ5nIFgk+SYWWjNa+B3sBZoNlzY=""}}",carracalbarmen.con-ip[.]com:1991,AMUNDI,Rmc-ZW6D0U
c4e122367f23ca841666dac54c6a42a937e0b8255f7594ded6f4d150fce18538,pOdEX voNvo,11/3/2024,Vidar,"{""c2"": [""hXXps://tougn[.]website"", ""hXXps://95[.]217.28.72""], ""port"": [], ""campaign"": """", ""mutex"": """", ""Strings"": [], ""non_standard"": {""dead_drop"": [""http://localhost:9223/json"", ""hXXps://t[.]me/asg7rd"", ""hXXps://steamcommunity[.]com/profiles/76561199794498376""]}}","hXXps://tougn[.]website,hXXps://95[.]217.28.72",,
c65cf347f560bdefdaea56eaeddbe94ef8ff32da132939d9cf5c40c4fd173908,dEaCE2tcOtc,10/26/2024,Remcos,"{""c2"": [""danielacorrealora09.camdvr[.]org:1880""], ""port"": [], ""campaign"": ""LOS BREEE"", ""mutex"": ""Rmc-CGM69G"", ""non_standard"": {""c2_list"": ""danielacorrealora09.camdvr[.]org:1880:1\u001e"", ""botnet"": ""LOS BREEE"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-CGM69G"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 1, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""AE6C97426D51968E4EA8FBF1A257086C"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIIBADCBpqADAgECAhA/bK072R8ULSeOSr5wUkeEMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABA6VI2iU8kQnjaxGQYZ1oOLiaXXpoQjtj7hJtuy1r3G/TBrRcCL/wyrO0LmSJpiu7EB437pCrDvLOwjUeG7tMkYwCgYIKoZIzj0EAwIDSQAwRgIhAOSn37JeyD+DIWNHGE1xcYdm1RrQ8TT8hiLd9UIfm9uuAiEA7GC6L19W5lN5cfD3Rh2Ior++WuiLxQwnvw7H9AP/egA="", ""tls_key"": ""MHcCAQEEIJG09kVEQDINj8+wjHIe85JcOXQro5U9++N24NOCtOYMoAoGCCqGSM49AwEHoUQDQgAEDpUjaJTyRCeNrEZBhnWg4uJpdemhCO2PuEm27LWvcb9MGtFwIv/DKs7QuZImmK7sQHjfukKsO8s7CNR4bu0yRg=="", ""tls_raw_peer_certificate"": ""MIH/MIGmoAMCAQICED1NkqG7jUVs6UE+9lfC9FgwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECd6OUnfQld2gC9x8EQRhtR8SxJVg8oG9XKYRGj3Bl2o3nxXg5UX+DJrxL2ck0tBmDDoUhbl6AoiS4LqLq0jehDAKBggqhkjOPQQDAgNIADBFAiBPs4LgiRbRQ2McVsYAzfd/Q/h5nMAd2ZznwiDFiFSGBQIhANcDTxlBaY+lmnofU7TMD8RRqIs9H3Tqnu3QRNLrm6d0""}}",danielacorrealora09.camdvr[.]org:1880,LOS BREEE,Rmc-CGM69G
c68b80b60bd6648b1fe8092a911fbbdb376b8fbbd6b884875fb13ad87c7c7ac1,Aug111guAgu,8/28/2024,Remcos,"{""c2"": [""873d723jh90387gdbn283dn3.con-ip[.]com:5023""], ""port"": [], ""campaign"": ""15%%AUG%%2024"", ""mutex"": ""Rmc-BX4DJ1"", ""non_standard"": {""c2_list"": ""873d723jh90387gdbn283dn3.con-ip[.]com:5023:1\u001e"", ""botnet"": ""15%%AUG%%2024"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-BX4DJ1"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""BCEFEBC9332FAA7344A2C9F6C3749F77"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIIBADCBpqADAgECAhA/bK072R8ULSeOSr5wUkeEMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABA6VI2iU8kQnjaxGQYZ1oOLiaXXpoQjtj7hJtuy1r3G/TBrRcCL/wyrO0LmSJpiu7EB437pCrDvLOwjUeG7tMkYwCgYIKoZIzj0EAwIDSQAwRgIhAOSn37JeyD+DIWNHGE1xcYdm1RrQ8TT8hiLd9UIfm9uuAiEA7GC6L19W5lN5cfD3Rh2Ior++WuiLxQwnvw7H9AP/egA="", ""tls_key"": ""MHcCAQEEIJG09kVEQDINj8+wjHIe85JcOXQro5U9++N24NOCtOYMoAoGCCqGSM49AwEHoUQDQgAEDpUjaJTyRCeNrEZBhnWg4uJpdemhCO2PuEm27LWvcb9MGtFwIv/DKs7QuZImmK7sQHjfukKsO8s7CNR4bu0yRg=="", ""tls_raw_peer_certificate"": ""MIH/MIGmoAMCAQICED1NkqG7jUVs6UE+9lfC9FgwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECd6OUnfQld2gC9x8EQRhtR8SxJVg8oG9XKYRGj3Bl2o3nxXg5UX+DJrxL2ck0tBmDDoUhbl6AoiS4LqLq0jehDAKBggqhkjOPQQDAgNIADBFAiBPs4LgiRbRQ2McVsYAzfd/Q/h5nMAd2ZznwiDFiFSGBQIhANcDTxlBaY+lmnofU7TMD8RRqIs9H3Tqnu3QRNLrm6d0""}}",873d723jh90387gdbn283dn3.con-ip[.]com:5023,15%%AUG%%2024,Rmc-BX4DJ1
c691c7260a144c141abb520099b6d406e87ef75d16bd74c5f1cea900223cdb9f,Edwardsigunecia,9/4/2024,LummaStealer,"{""c2"": [""caffegclasiqwp[.]shop"", ""stamppreewntnq[.]shop"", ""stagedchheiqwo[.]shop"", ""millyscroqwp[.]shop"", ""evoliutwoqm[.]shop"", ""condedqpwqm[.]shop"", ""traineiwnqo[.]shop"", ""locatedblsoqp[.]shop"", ""condedqpwqm[.]shop""], ""port"": [], ""campaign"": ""sG8pjw--xcoin"", ""mutex"": """", ""non_standard"": {}}","caffegclasiqwp[.]shop,stamppreewntnq[.]shop,stagedchheiqwo[.]shop,millyscroqwp[.]shop,evoliutwoqm[.]shop,condedqpwqm[.]shop,traineiwnqo[.]shop,locatedblsoqp[.]shop,condedqpwqm[.]shop",sG8pjw--xcoin,
c6c5b09801e1b072f9fc1c0ae1bda204137be1d194eb6187f5f1948543dced4a,Sep peSpe,9/2/2024,XWorm,"{""c2"": [""xwrmsistem.duckdns[.]org""], ""port"": [""7000""], ""campaign"": """", ""mutex"": ""3wMQuoPMT069qkfP"", ""non_standard"": {""KEY"": ""<123456789>"", ""SPL"": ""<Xwormmm>"", ""Sleep"": ""3"", ""Groub"": ""ENVIO"", ""USBNM"": ""USB.exe"", ""mutex"": ""3wMQuoPMT069qkfP""}}",xwrmsistem.duckdns[.]org,,3wMQuoPMT069qkfP
c721fa91cec61b7b29078a1c68ff58d90f2f321c882bd60e3823d57ab470277a,43423fdasfdasfa32143242,3/17/2024,Vidar,"{""c2"": [""hXXp://167[.]235.207.130""], ""port"": [], ""campaign"": ""9e87ffa15d95120a3f4c94e945bf4479"", ""mutex"": """", ""Strings"": [""GetProcAddress"", ""lstrcatA"", ""OpenEventA"", ""CloseHandle"", ""Sleep"", ""GetUserDefaultLangID"", ""VirtualAllocExNuma"", ""VirtualFree"", ""GetSystemInfo"", ""HeapAlloc"", ""GetComputerNameA"", ""lstrcpyA"", ""GetProcessHeap"", ""GetCurrentProcess"", ""lstrlenA"", ""ExitProcess"", ""GlobalMemoryStatusEx"", ""GetSystemTime"", ""SystemTimeToFileTime"", ""gdi32.dll"", ""user32.dll"", ""crypt32.dll"", ""ntdll.dll"", ""CreateDCA"", ""GetDeviceCaps"", ""ReleaseDC"", ""CryptStringToBinaryA"", ""sscanf"", ""HAL9TH"", ""JohnDoe"", ""DISPLAY"", ""%hu/%hu/%hu"", ""GetEnvironmentVariableA"", ""GetFileAttributesA"", ""GlobalLock"", ""GlobalSize"", ""CreateToolhelp32Snapshot"", ""IsWow64Process"", ""Process32Next"", ""GetLocalTime"", ""GetTimeZoneInformation"", ""GetSystemPowerStatus"", ""GetVolumeInformationA"", ""Process32First"", ""GetLocaleInfoA"", ""GetUserDefaultLocaleName"", ""GetModuleFileNameA"", ""FindNextFileA"", ""SetEnvironmentVariableA"", ""LocalAlloc"", ""GetFileSizeEx"", ""SetFilePointer"", ""FindFirstFileA"", ""VirtualProtect"", ""GetLogicalProcessorInformationEx"", ""GetLastError"", ""MultiByteToWideChar"", ""GlobalFree"", ""WideCharToMultiByte"", ""TerminateProcess"", ""GetCurrentProcessId"", ""rstrtmgr.dll"", ""CreateCompatibleBitmap"", ""SelectObject"", ""BitBlt"", ""DeleteObject"", ""CreateCompatibleDC"", ""GdipGetImageEncodersSize"", ""GdipGetImageEncoders"", ""GdipCreateBitmapFromHBITMAP"", ""GdiplusStartup"", ""GdiplusShutdown"", ""GdipSaveImageToStream"", ""GdipDisposeImage"", ""GetHGlobalFromStream"", ""CreateStreamOnHGlobal"", ""CoUninitialize"", ""CoInitialize"", ""CoCreateInstance"", ""BCryptGenerateSymmetricKey"", ""BCryptCloseAlgorithmProvider"", ""BCryptDecrypt"", ""BCryptSetProperty"", 
""BCryptDestroyKey"", ""BCryptOpenAlgorithmProvider"", ""GetWindowRect"", ""GetDesktopWindow"", ""GetDC"", ""EnumDisplayDevicesA"", ""GetKeyboardLayoutList"", ""CharToOemW"", ""RegQueryValueExA"", ""RegEnumKeyExA"", ""RegOpenKeyExA"", ""RegEnumValueA"", ""CryptBinaryToStringA"", ""CryptUnprotectData"", ""SHGetFolderPathA"", ""InternetOpenUrlA"", ""InternetConnectA"", ""InternetCloseHandle"", ""InternetOpenA"", ""HttpSendRequestA"", ""HttpOpenRequestA"", ""InternetReadFile"", ""InternetCrackUrlA"", ""StrStrA"", ""PathMatchSpecA"", ""GetModuleFileNameExA"", ""RmStartSession"", ""RmRegisterResources"", ""RmEndSession"", ""sqlite3_open"", ""sqlite3_prepare_v2"", ""sqlite3_step"", ""sqlite3_column_text"", ""sqlite3_finalize"", ""sqlite3_close"", ""sqlite3_column_bytes"", ""sqlite3_column_blob"", ""encrypted_key"", ""PATH"", ""C:\\ProgramData\\nss3.dll"", ""NSS_Shutdown"", ""PK11_GetInternalKeySlot"", ""PK11_FreeSlot"", ""PK11_Authenticate"", ""PK11SDR_Decrypt"", ""C:\\ProgramData\\"", ""SELECT origin_url, username_value, password_value FROM logins"", ""Soft: "", ""Host: "", ""Login: "", ""Password: "", ""Opera"", ""OperaGX"", ""Network"", ""Cookies"", "".txt"", ""TRUE"", ""FALSE"", ""SELECT name, value FROM autofill"", ""History"", ""SELECT url FROM urls LIMIT 1000"", ""CC"", ""SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards"", ""Name: "", ""Month: "", ""Year: "", ""Card: "", ""Cookies"", ""Login Data"", ""History"", ""formSubmitURL"", ""usernameField"", ""encryptedUsername"", ""encryptedPassword"", ""guid"", ""SELECT host, isHttpOnly, path, isSecure, expiry, name, value FROM moz_cookies"", ""SELECT fieldname, value FROM moz_formhistory"", ""SELECT url FROM moz_places LIMIT 1000"", ""cookies[.]sqlite"", ""formhistory[.]sqlite"", ""places[.]sqlite"", ""Plugins"", ""Local Extension Settings"", ""Sync Extension Settings"", ""Opera Stable"", ""Opera GX Stable"", ""CURRENT"", ""chrome-extension_"", ""_0.indexeddb[.]leveldb"", 
""profiles[.]ini"", ""chrome"", ""opera"", ""firefox"", ""Wallets"", ""%08lX%04lX%lu"", ""SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"", ""x64"", ""%d/%d/%d %d:%d:%d"", ""HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0"", ""ProcessorNameString"", ""SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"", ""DisplayVersion"", ""msvcp140.dll"", ""softokn3.dll"", ""vcruntime140.dll"", ""\\Temp\\"", "".exe"", ""runas"", ""open"", ""%LOCALAPPDATA%"", ""%USERPROFILE%"", ""%PROGRAMFILES%"", ""%PROGRAMFILES_86%"", ""*.lnk"", ""Files"", ""\\Local Storage\\leveldb\\CURRENT"", ""\\Local Storage\\leveldb"", ""\\Telegram Desktop\\"", ""D877F783D5D3EF8C*"", ""map*"", ""A7FDF864FBC10B77*"", ""A92DAA6EA6F891F2*"", ""F8806DD0C461824F*"", ""Tox"", ""*.tox"", ""*.ini"", ""Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Office\\13.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Office\\14.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Office\u000e.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676\\"", ""\\Outlook\\accounts[.]txt"", ""Pidgin"", ""accounts[.]xml"", ""token: "", ""Software\\Valve\\Steam"", ""ssfn*"", ""config[.]vdf"", ""DialogConfig[.]vdf"", ""DialogConfigOverlay*.vdf"", ""libraryfolders[.]vdf"", ""loginusers[.]vdf"", ""\\Steam\\"", ""\\Discord\\tokens[.]txt"", ""/c timeout /t 5 & del /f /q \"""", ""\"" & del \""C:\\ProgramData\\*.dll\""\"" & exit"", ""C:\\Windows\\system32\\cmd.exe"", ""Content-Type: multipart/form-data; boundary=----"", ""Content-Disposition: form-data; name=\"""", ""build"", ""token"", ""message"", ""ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"", ""screenshot[.]jpg"", ""\u0004\u00004\u0000 
\u0000e\u0000*\u0000\u001a\u0000S\u0000^\u0000A\u0000*\u0000\u001e\u0000+\u0000\f\u0000T\u00002\u0000i\u0000"", ""\u0004\u00004\u0000 \u0000e\u0000\u0007\u0000\u001d\u0000S\u0000Z\u0000L\u0000'\u0000\u000b\u0000!\u0000\f\u0000M\u0000$\u0000n\u0000""], ""non_standard"": {""dead_drop"": [""hXXps://t[.]me/raf6ik"", ""hXXps://steamcommunity[.]com/profiles/76561199651834633""], ""version"": ""8.3""}}",hXXp://167[.]235.207.130,9e87ffa15d95120a3f4c94e945bf4479,
c731334671b5c7da8410569e200d24a71d9db395adf6051440e661125e482888,Edwardsigunecia,8/16/2024,QwqdanchunRat (Quasar Fork),NONE,,,
c7862bcc809a9effd31035b7e92fe57fd368318894874b8239198ee4e0dcbf74,gasgff34534c,9/20/2024,HeartCrypt (Nested Payload),NONE,,,
c7969e2249fc0180887315b88855ce017d4377b6550a2631b3c821f226e9e861,Sep111peSpe,9/20/2024,PureCrypter Loader (.NET),NONE,,,
c7d0fae10223094c6d09aefac6207fe632b55405f57671e0de06276876f67e32,NACSKKETTAF,7/25/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""rafaborre27.duckdns[.]org""], ""port"": [""5050""], ""campaign"": ""JULIO 18"", ""mutex"": ""windowsgsdafewrtsudifhrtdiwondhdg"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": ""windowsdefender"", ""Key"": ""SVZsM1c3VmkyNGEweFRnS1BoWTA5WFB5TkZXTlVha3M="", ""MTX"": ""windowsgsdafewrtsudifhrtdiwondhdg"", ""Certifi_cate"": ""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"", ""Server_signa_ture"": ""P5IZfB3rKctgflCx9+hAugZwUF+Fv6WsxKxG6nP1bYCNNl5dE3/kNnKv2dwJEuFXIeFISl0XOwrW3wPO5hg8HXYKKh/EvJpr5XlxIpQ3Eyulb1yLZzSE9h7VjoSHur3f+5lZNQDHQOw86mrR+a5JIFgicca1JpUQziARUGmpnsk="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""10"", ""Group"": ""JULIO 18"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",rafaborre27.duckdns[.]org,JULIO 18,windowsgsdafewrtsudifhrtdiwondhdg
c8d0bbcfda19f38c51dd772e5457b60ff59eb028799dca1fe4ce5d72b281b452,ACXNTGGCXTL,7/2/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""krakenstudio0612.casacam[.]net""], ""port"": [""8006""], ""campaign"": ""BENDICIONES"", ""mutex"": ""DcRatMutex_qwqdanchun"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""MHgwQWlkT1NjbzRUMVRVOXJPN1lKbXNHcUpOVlFEdWc="", ""MTX"": ""DcRatMutex_qwqdanchun"", ""Certifi_cate"": ""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"", ""Server_signa_ture"": ""J4VHmjdrtRmu4dKFQ8Gj+3aV4g426xOtDXyUN2IV/xhDJkEiK+iG0Gry1cXDXd3Pzzy8uPPqiKF2Mgb2owxRYD1FBHZYEJQ2xk5EojXERIyq4EzJsazZCYrvm2nMjkd0Z+5KrNU3A1Uf1T8py8nXKpyWSLgJt6hN8khb6AZ+2/0="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""BENDICIONES"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",krakenstudio0612.casacam[.]net,BENDICIONES,DcRatMutex_qwqdanchun
cb4aa6105938c53f9f2b2f8e6f5f36bfe96419c56e73cdee53d48f4c393379f4,43423fdasfdasfa32143242,3/18/2024,VenomRat,"{""c2"": [""94[.]156.8.65""], ""port"": [""8080""], ""campaign"": ""Default"", ""mutex"": ""Usermode Font Driver Host"", ""non_standard"": {""Ver_sion"": ""Venom RAT + HVNC + Stealer + Grabber v6.0.3"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""alpPemp5eEFjOUNYSEo5WktCYzF4QVB3eEVPQXViMXM="", ""MTX"": ""Usermode Font Driver Host"", ""Certifi_cate"": ""MIICOTCCAaKgAwIBAgIVAPyfwFFMs6hxoSr1U5gHJmBruaj1MA0GCSqGSIb3DQEBDQUAMGoxGDAWBgNVBAMMD1Zlbm9tUkFUIFNlcnZlcjETMBEGA1UECwwKcXdxZGFuY2h1bjEfMB0GA1UECgwWVmVub21SQVQgQnkgcXdxZGFuY2h1bjELMAkGA1UEBwwCU0gxCzAJBgNVBAYTAkNOMB4XDTIyMDgxNDA5NDEwOVoXDTMzMDUyMzA5NDEwOVowEzERMA8GA1UEAwwIVmVub21SQVQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJMk9aXYluIabmb8kV7b5XTizjGIK0IH5qWN260bNCSIKNt2zQOLq6jGfh+VvAA/ddzW3TGyxBUMbya8CatcEPCCiU4SEc8xjyE/n8+O0uya4p8g4ooTRIrNFHrRVySKchyTv32rce963WWvmj+qDvwUHHkEY+Dsjf46C40vWLDxAgMBAAGjMjAwMB0GA1UdDgQWBBQsonRhlv8vx7fdxs/nJE8fsLDixjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4GBAAVFFK4iQZ7aqDrUwV6nj3VoXFOcHVo+g9p9ikiXT8DjC2iQioCrN3cN4+w7YOkjPDL+fP3A7v+EI9z1lwEHgAqFPY7tF7sT9JEFtq/+XPM9bgDZnh4o1EWLq7Zdm66whSYsGIPR8wJdtjw6U396lrRHe6ODtIGB/JXyYYIdaVrz"", ""Server_signa_ture"": ""bYjFcv3utlZW/JyEBjShJTXs8cYswUHAL+kqkvZKY+xnKBAkpBYIpNDsQ4yVQMydF6X6LqAVM1Lwp8f7Tyc1wvTnyLtyfJ1ZOk1gTk0FLKASV8rkKgpWZkhIzPA048M+w7LxzpGyiIV/07J7GsZEoPVAp5sxcXHRlgSXF+6hXtg="", ""Paste_bin"": ""null"", ""BS_OD"": ""true"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""Default"", ""Anti_Process"": ""true"", ""An_ti"": ""false""}}",94[.]156.8.65,Default,Usermode Font Driver Host
cbf2ceb3c5ebc6f1d8c09f3098176ded9503800cba77cfefa25ea9e0a8085ae3,gasgff34534c,4/2/2024,DarkGate,NONE,,,
cc00a259ec4ebde015fe0fad59f369ae23def081caa787ad0652f7d6b2fe6de0,EFF tcOtc,10/3/2024,Rhadamanthys,NONE,,,
cc261a096421b7d33dc306496e1a8f4ab37f84188c3d05514ee68b5dfe860252,dEaCE2tcOtc,10/28/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""puerto4000.duckdns[.]org""], ""port"": [""4000""], ""campaign"": ""FRESH-OCT23--"", ""mutex"": ""DcRatMutex_qwqdanchun"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""aEtSTWhadFVuZWdRbEF6UEtDVERCSlpGMUw3UlRuMVE="", ""MTX"": ""DcRatMutex_qwqdanchun"", ""Certifi_cate"": ""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"", ""Server_signa_ture"": ""Ndd8KU7O+IP6L83MCE8TWhLtrEIQnBX5DlLi2okbz7Qm6njhi2bj3j9A87aLniaFc6O9y9+TNEnWMiAXooqiZwMb+h2eY3hhXbrvFs03AmrdFWUTH5nz3bJgWGBTNFAOIx8vE9GdYaQDlXsk2rC2iNBlhOaLlAt4Y5g/bNoKk78="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""FRESH-OCT23--"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",puerto4000.duckdns[.]org,FRESH-OCT23--,DcRatMutex_qwqdanchun
ccf57b07f8ba315a9b94342e0ec76d38e0095249e38b2e2b4a005fc199d12181,NACSKKETTAF,7/24/2024,Remcos,"{""c2"": [""manuelabobadillalora09.con-ip[.]com:1880""], ""port"": [], ""campaign"": ""OILOO"", ""mutex"": ""Rmc-JHE4XU"", ""non_standard"": {""c2_list"": ""manuelabobadillalora09.con-ip[.]com:1880:1\u001e"", ""botnet"": ""OILOO"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-JHE4XU"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""0E470DBC439D9E4DD2D21356C7BB2FF1"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIIBADCBpqADAgECAhA/bK072R8ULSeOSr5wUkeEMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABA6VI2iU8kQnjaxGQYZ1oOLiaXXpoQjtj7hJtuy1r3G/TBrRcCL/wyrO0LmSJpiu7EB437pCrDvLOwjUeG7tMkYwCgYIKoZIzj0EAwIDSQAwRgIhAOSn37JeyD+DIWNHGE1xcYdm1RrQ8TT8hiLd9UIfm9uuAiEA7GC6L19W5lN5cfD3Rh2Ior++WuiLxQwnvw7H9AP/egA="", ""tls_key"": ""MHcCAQEEIJG09kVEQDINj8+wjHIe85JcOXQro5U9++N24NOCtOYMoAoGCCqGSM49AwEHoUQDQgAEDpUjaJTyRCeNrEZBhnWg4uJpdemhCO2PuEm27LWvcb9MGtFwIv/DKs7QuZImmK7sQHjfukKsO8s7CNR4bu0yRg=="", ""tls_raw_peer_certificate"": ""MIH/MIGmoAMCAQICED1NkqG7jUVs6UE+9lfC9FgwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECd6OUnfQld2gC9x8EQRhtR8SxJVg8oG9XKYRGj3Bl2o3nxXg5UX+DJrxL2ck0tBmDDoUhbl6AoiS4LqLq0jehDAKBggqhkjOPQQDAgNIADBFAiBPs4LgiRbRQ2McVsYAzfd/Q/h5nMAd2ZznwiDFiFSGBQIhANcDTxlBaY+lmnofU7TMD8RRqIs9H3Tqnu3QRNLrm6d0""}}",manuelabobadillalora09.con-ip[.]com:1880,OILOO,Rmc-JHE4XU
ce8901205463e35b57a5429767515611490c65aad8499cadd3e75f08fc420e61,Aug111guAgu,8/15/2024,Remcos,"{""c2"": [""agosto15.con-ip[.]com:7771""], ""port"": [], ""campaign"": ""ARRIBAAA"", ""mutex"": ""Rmc-EKH6T6"", ""non_standard"": {""c2_list"": ""agosto15.con-ip[.]com:7771:1\u001e"", ""botnet"": ""ARRIBAAA"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-EKH6T6"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""5362EE03FAA36CB4DF3995B084785A49"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICEEXRPyHAU+i0XClFtLLozd0wCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgzAKBggqhkjOPQQDAgNIADBFAiBUcWvaxuUnpbxlhTmWEcnNtczlEXkRbUYoYCN+2VEZ1AIhALym5a5Ib2YXMN1rGi3FQzTjiXDMfTh6IufwChk8n/N9"", ""tls_key"": ""MHcCAQEEILUsPsd+8u6gorQ6vplb6DQet9vOAwT8PHYYn7RI4380oAoGCCqGSM49AwEHoUQDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgw=="", ""tls_raw_peer_certificate"": ""MIIBADCBpqADAgECAhA1EEVwbinJOEquCzdLDyBzMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBDpkDyifvMvFU5G4T3X4NPgXSbjGygT9OXvKUN63IttHTejMFBes+ICPd+lF2i9ExWAYDh5oBbrexLrzNGdz3swCgYIKoZIzj0EAwIDSQAwRgIhAPHte18FxAxdCBRRd8kvfkylLF5k+QOnpkoeqXwRtdOWAiEA00CVbIQ6r4v8EeB0rQ5nIFgk+SYWWjNa+B3sBZoNlzY=""}}",agosto15.con-ip[.]com:7771,ARRIBAAA,Rmc-EKH6T6
cf367483090fca26a20295f8696bb2b78952bb340d54cf146009a3bef4a0adee,Edwardsigunecia,8/12/2024,AsyncRat,"{""c2"": [""127[.]0.0.1"", ""185[.]196.9.94""], ""port"": [""6606"", ""7707"", ""8808""], ""campaign"": ""Default"", ""mutex"": ""0YvwVutb1U0i"", ""non_standard"": {""Version"": ""0.5.8"", ""Install"": ""false"", ""InstallFolder"": ""%AppData%"", ""InstallFile"": ""svchost.exe"", ""Key"": ""VGwwOTlYaURJVU5rUUpTV1JvMTlJWjNuYUhBMmhOaEU="", ""MTX"": ""0YvwVutb1U0i"", ""Certificate"": ""MIIE9DCCAtygAwIBAgIQAJx1L9k/ws8dEwHt3C6LZTANBgkqhkiG9w0BAQ0FADAbMRkwFwYDVQQDDBBtb3Jkb3J2cG5zZXJ2aWNlMCAXDTI0MDcxMjAxNTAzMloYDzk5OTkxMjMxMjM1OTU5WjAbMRkwFwYDVQQDDBBtb3Jkb3J2cG5zZXJ2aWNlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAliMJXW7CuEiFNAaF7YUnn6licFjTnt1mfYlwWGvWEJ9PDNVVQMrgNvSoN5njvAhz3DDN5HCvlr52Cniex5pkjWLoUqiflPQelXnVU2eWFPE4ZOysqSNZVjokzVEIqAfAda+hYwKGT/+EUpecgrPAtyzRwXIThVo/FpcxHqnLKvJ8Vjdht7TA4bWoFjbL8VbaoevKekEEFYuvSjG+3lYw2AzEMT+7Fm2ylzM0pTX1xdLs41zquqc25mYz5Y7yFG4d9uN5HBMAovAYeQ71EWQN1vgCcLTuA3gy2V9xI8mho6fGCicwj9+NYjgW/6usdu/yQqz9sm6EYwmIJcCsGQ0jBoTaQ7pq9P/lOqlAraCLgDm+87Yx0qUCMm9rJAsUgytw+qy4EKrG6GfReT34XXuUyStbyC4Zkpcl2K34hhmShLewF83UJSyUChDSnZG+Ug7DzhmcsuwmCXLb5HciOd+9mqEwiood3UpXJXe3W+I6eEp5MoXOgc+PoA+WI37xDCYWtaXDiv1gvTy9Y+Y5KUd6EBKqu/eKLdDhsYR/thkuZboBjf51ZYrMJWXiaQsZLak3RaklD3YAlcXF56W5zuV+45BcQokH1OY1pAOJAU/JfJMr0UeoyqhKVBvbduS9HjZqhezWL+kRcjmbEm0S4TFpJtp1P3RxmjcUCbYk+M83AhMCAwEAAaMyMDAwHQYDVR0OBBYEFObj7CgjHDVG439JAZ9/eEKPUXn/MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQENBQADggIBAAaZ5VrTxGhTuTF6MjrnAGov/NRwpv37CQumZuNuENMzaIFPXiQFOUO9oAmQ/Ub8dCeeIOMmq2OGY6FU1JKqQ3zLBVrK3xhWKdEiDfkQksHYb1r57WoHtKtAqH3dLONv1PIrvMpd2QJbDwTMFX5dtpxW4/8spzAhqdI/PWqHn1Mh74D9sjszqX62u/B9hnb6RfyktRZWP6lSs+u4v0nxsoCl3UzOe08Wh9QVEusReKGo/c6ON0gWW/7U+1r/i4nwttQDU1jNZOvIKCY+GCO/vsUCGv4e9NcXjq9Cj7239rdBIL9RxygZ7yaoIEFVrtd4rp0rAeP8TNBpP5ND4XlhBiqLE6hE+kOfQBIfQaYRxLzzXZclGhWOojQOCHZJo/+MO01dLZfbWvkNPtUlNErfwITBYhSW/McWVlsSUxt4PjPv0yXlirK9myDRF+zNvVJSWoouNMDG/GPnmEeJtuhYbw6AsexlqIDht2sYsAYxPVsI2MEVU2H73
ADVcDrfkRm0/xV+aC0u901qNHkSXNpSzTCWJnIZ4K7xpML7Hk0gAnwdwr18VNyJTx01BBcmPMNL8NbNLO++LUl0LpltpE7KaD/vpuwGKEi69FEx7Buq74/8yBHRdjxmEhY7qqztjk8okkwG9Gadxwh0rv6FjWb9l6RmhVqGHugtdhqwO0WKzVy0"", ""Serversignature"": ""d14GGoM8WTqR0ONFs/SAbbH7jPuyUOmg+ecUog7D05/GSq0LLBFrPz6yNSkTK5DGhlsje+Z73kYvQ3W6YMTWFoHq/SjWyTYrcT/B35YgK6iAYLUZBPORcGMFsd+ZLHUUf9XSbQvhehu4C/G40zkrfpF52Zfja0m4wiw4FRIv8aDGtRnr7cXjD8f+Htnfge99zA4Ad4Arz9jS5tyuz649C5n71YLKax0ukOVEbtPpQiIP/nOFRQF62XCYT5TJnKAepJ4q34ApGtjr3wDJJ92j1RtBMIyLeFZGApd58vFznZF0yrJZn5SyfWuGW24743e0oRojRajQSAJ4NuZg01kHpL5qWH0rpKuju/g1PQ/a/06oro2fzRY7EOBnjG7LYTv6t10NGr4pgMXve1sldQ5Fu7U1tvaLb471HBJ++/azFVvTD9IwanDixrm8XeuhMAmEFqsChbg7ThIR8u8pu0lZ/olCH2rzvEz8YYJo8kMHLffIe6AzbUwCSmuSJnHSLABKkyliWwxeSATCel9ssZ4K+0/wIk3bGvmpZNenVYckaK6S0W7yfw+hjEzt/XrrSVrfLjNmMADzMv0WwKA9dDS5XgPfANn15UrZ72JvTMKsHsvxpe2JwfSVmItz+30hpyDBl6xiKEy+XkuHGbSB6eWZHO6AVTwWH6fBLj9kpO59SLI="", ""Anti"": ""false"", ""Pastebin"": ""null"", ""BDOS"": ""false"", ""Hwid"": 0, ""Delay"": ""3"", ""Group"": ""Default""}}","127[.]0.0.1,185[.]196.9.94",Default,0YvwVutb1U0i
d07178c88eeeef7cfd9db6b2405574e16a85ee9b8973d2603b22b3a7feb9464e,ACXNTGGCXTL,9/12/2024,Remcos,"{""c2"": [""mfjnfijndifsiisihddd.con-ip[.]com:1668""], ""port"": [], ""campaign"": ""GASTOS"", ""mutex"": ""Rmc-X32CEK"", ""non_standard"": {""c2_list"": ""mfjnfijndifsiisihddd.con-ip[.]com:1668:1\u001e"", ""botnet"": ""GASTOS"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-X32CEK"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""375BA8DEF4E675D2DC93336E56DE93F1"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICEEXRPyHAU+i0XClFtLLozd0wCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgzAKBggqhkjOPQQDAgNIADBFAiBUcWvaxuUnpbxlhTmWEcnNtczlEXkRbUYoYCN+2VEZ1AIhALym5a5Ib2YXMN1rGi3FQzTjiXDMfTh6IufwChk8n/N9"", ""tls_key"": ""MHcCAQEEILUsPsd+8u6gorQ6vplb6DQet9vOAwT8PHYYn7RI4380oAoGCCqGSM49AwEHoUQDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgw=="", ""tls_raw_peer_certificate"": ""MIIBADCBpqADAgECAhA1EEVwbinJOEquCzdLDyBzMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBDpkDyifvMvFU5G4T3X4NPgXSbjGygT9OXvKUN63IttHTejMFBes+ICPd+lF2i9ExWAYDh5oBbrexLrzNGdz3swCgYIKoZIzj0EAwIDSQAwRgIhAPHte18FxAxdCBRRd8kvfkylLF5k+QOnpkoeqXwRtdOWAiEA00CVbIQ6r4v8EeB0rQ5nIFgk+SYWWjNa+B3sBZoNlzY=""}}",mfjnfijndifsiisihddd.con-ip[.]com:1668,GASTOS,Rmc-X32CEK
d08285f3f36f0c79df6d4cb82b9b045859d25c96a223c16702b6043ea8950f6e,DSE222peSpe,10/2/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""nuevodcsrat.duckdns[.]org""], ""port"": [""8081""], ""campaign"": ""18"", ""mutex"": ""DcRatMutex_qwqdanchun"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""dEgxMHltV0tLRHdqV1hzbzJSVndsUWJxeW81VHhjeHI="", ""MTX"": ""DcRatMutex_qwqdanchun"", ""Certifi_cate"": ""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"", ""Server_signa_ture"": ""arbGC4/myGSqqc4lCqktgD8vQI6ckWwdx3Sn6op4W9gzC0LHcwDKbOeRnmeFWorOEwPQ3dUV3BW2IL88VZ8KMZk62iVN8UMt4ZA3pIgDmAs+GtxDjfUFc60lC0TG0APh+CyeapFXX2GJLuhhHoF0hOWBMTpcsEr7oqIK4mrs8sg="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""18"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",nuevodcsrat.duckdns[.]org,18,DcRatMutex_qwqdanchun
d26905886a1f3e12a5af7e473ef805a346b8c89f68a2855128745b26212f78d6,gasgff34534c,3/20/2024,Remcos,"{""c2"": [""29idjidpoiic903jnu92cvvvew.con-ip[.]com:5023""], ""port"": [], ""campaign"": ""20 MAR $$$ 2024"", ""mutex"": ""Rmc-DX24ZG"", ""non_standard"": {""c2_list"": ""29idjidpoiic903jnu92cvvvew.con-ip[.]com:5023:1\u001e"", ""botnet"": ""20 MAR $$$ 2024"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-DX24ZG"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""76735F37B51B311760231D72C47C19A5"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIIBADCBpqADAgECAhA/bK072R8ULSeOSr5wUkeEMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABA6VI2iU8kQnjaxGQYZ1oOLiaXXpoQjtj7hJtuy1r3G/TBrRcCL/wyrO0LmSJpiu7EB437pCrDvLOwjUeG7tMkYwCgYIKoZIzj0EAwIDSQAwRgIhAOSn37JeyD+DIWNHGE1xcYdm1RrQ8TT8hiLd9UIfm9uuAiEA7GC6L19W5lN5cfD3Rh2Ior++WuiLxQwnvw7H9AP/egA="", ""tls_key"": ""MHcCAQEEIJG09kVEQDINj8+wjHIe85JcOXQro5U9++N24NOCtOYMoAoGCCqGSM49AwEHoUQDQgAEDpUjaJTyRCeNrEZBhnWg4uJpdemhCO2PuEm27LWvcb9MGtFwIv/DKs7QuZImmK7sQHjfukKsO8s7CNR4bu0yRg=="", ""tls_raw_peer_certificate"": ""MIH/MIGmoAMCAQICED1NkqG7jUVs6UE+9lfC9FgwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECd6OUnfQld2gC9x8EQRhtR8SxJVg8oG9XKYRGj3Bl2o3nxXg5UX+DJrxL2ck0tBmDDoUhbl6AoiS4LqLq0jehDAKBggqhkjOPQQDAgNIADBFAiBPs4LgiRbRQ2McVsYAzfd/Q/h5nMAd2ZznwiDFiFSGBQIhANcDTxlBaY+lmnofU7TMD8RRqIs9H3Tqnu3QRNLrm6d0""}}",29idjidpoiic903jnu92cvvvew.con-ip[.]com:5023,20 MAR $$$ 2024,Rmc-DX24ZG
d2b4c65b6c4d7085f6362ccdde01c0e5801393ccfd27d3ee1883b23e61d49921,nEdxC2tcOtc,10/30/2024,Remcos,"{""c2"": [""porfavor.duckdns[.]org:7770""], ""port"": [], ""campaign"": ""XXX"", ""mutex"": ""Rmc-O7UXFX"", ""non_standard"": {""c2_list"": ""porfavor.duckdns[.]org:7770:1\u001e"", ""botnet"": ""XXX"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-O7UXFX"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 1, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""589EE363882E3928F66CF7B837BAD87C"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICEEXRPyHAU+i0XClFtLLozd0wCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgzAKBggqhkjOPQQDAgNIADBFAiBUcWvaxuUnpbxlhTmWEcnNtczlEXkRbUYoYCN+2VEZ1AIhALym5a5Ib2YXMN1rGi3FQzTjiXDMfTh6IufwChk8n/N9"", ""tls_key"": ""MHcCAQEEILUsPsd+8u6gorQ6vplb6DQet9vOAwT8PHYYn7RI4380oAoGCCqGSM49AwEHoUQDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgw=="", ""tls_raw_peer_certificate"": ""MIIBADCBpqADAgECAhA1EEVwbinJOEquCzdLDyBzMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBDpkDyifvMvFU5G4T3X4NPgXSbjGygT9OXvKUN63IttHTejMFBes+ICPd+lF2i9ExWAYDh5oBbrexLrzNGdz3swCgYIKoZIzj0EAwIDSQAwRgIhAPHte18FxAxdCBRRd8kvfkylLF5k+QOnpkoeqXwRtdOWAiEA00CVbIQ6r4v8EeB0rQ5nIFgk+SYWWjNa+B3sBZoNlzY=""}}",porfavor.duckdns[.]org:7770,XXX,Rmc-O7UXFX
d3231042d20e7e02069279a9470ede4daddf70137cf1122550e4bdc354ba1473,gasgff34534c,3/21/2024,RedlineStealer,"{""c2"": [""193[.]233.133.152:35515""], ""port"": [], ""campaign"": ""NewCrypt"", ""mutex"": """", ""non_standard"": {""ID"": ""NewCrypt"", ""Message"": """", ""Key"": ""Revelry"", ""Version"": ""1""}}",193[.]233.133.152:35515,NewCrypt,
d41f8ae0df709b0243db420707a5d87d45eec903ad2fda40a03963b958f83a18,EXC tcOtc,10/8/2024,Remcos,"{""c2"": [""octubre8.con-ip[.]com:7771""], ""port"": [], ""campaign"": ""MALOH"", ""mutex"": ""Rmc-CGYV12"", ""non_standard"": {""c2_list"": ""octubre8.con-ip[.]com:7771:1\u001e"", ""botnet"": ""MALOH"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-CGYV12"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""E72B904DDBEB179C52FD89AFD403808C"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICEEXRPyHAU+i0XClFtLLozd0wCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgzAKBggqhkjOPQQDAgNIADBFAiBUcWvaxuUnpbxlhTmWEcnNtczlEXkRbUYoYCN+2VEZ1AIhALym5a5Ib2YXMN1rGi3FQzTjiXDMfTh6IufwChk8n/N9"", ""tls_key"": ""MHcCAQEEILUsPsd+8u6gorQ6vplb6DQet9vOAwT8PHYYn7RI4380oAoGCCqGSM49AwEHoUQDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgw=="", ""tls_raw_peer_certificate"": ""MIIBADCBpqADAgECAhA1EEVwbinJOEquCzdLDyBzMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBDpkDyifvMvFU5G4T3X4NPgXSbjGygT9OXvKUN63IttHTejMFBes+ICPd+lF2i9ExWAYDh5oBbrexLrzNGdz3swCgYIKoZIzj0EAwIDSQAwRgIhAPHte18FxAxdCBRRd8kvfkylLF5k+QOnpkoeqXwRtdOWAiEA00CVbIQ6r4v8EeB0rQ5nIFgk+SYWWjNa+B3sBZoNlzY=""}}",octubre8.con-ip[.]com:7771,MALOH,Rmc-CGYV12
d4e07d9cc1eaa08e84d2679f89829a4e8dec000b6ad1c793c3500df77f746b69,Edwardsigunecia,10/29/2024,Rhadamanthys,NONE,,,
d51c29ad01d4f7a479b2e8797ff8a086ddd461de33d3e2ba39f5cd226d5c267c,ACXNTGGCXTL,6/28/2024,Remcos,"{""c2"": [""127[.]0.0.1:2404""], ""port"": [], ""campaign"": ""RemoteHost"", ""mutex"": ""Rmc-52SPIJ"", ""non_standard"": {""c2_list"": ""127[.]0.0.1:2404:1\u001e"", ""botnet"": ""RemoteHost"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-52SPIJ"", ""keylogger_mode"": 0, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 2, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": """", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICECyq0dC6qQr+Hv2V9QM3uqcwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdrdLQy42Mpn3IIYRJ2M3+yF21CLyLrOnzJYt9pkS9tD25/19cz99/hh6XbCh/X6lkduGZSLQOrKNIRElI58SZTAKBggqhkjOPQQDAgNIADBFAiEAsNMXIJvWxp997X+wkfoZ+aNRQ/F+y4UKwth7Vn9PPnsCIEy6sU5zohMDu7YRBxvrBk12twTKU7msOfRjcZPv8XLQ"", ""tls_key"": ""MHcCAQEEIPh5Cln/kkGKIQHHvBEywdytsvdqHkePDPk5Ud/t9sAJoAoGCCqGSM49AwEHoUQDQgAEdrdLQy42Mpn3IIYRJ2M3+yF21CLyLrOnzJYt9pkS9tD25/19cz99/hh6XbCh/X6lkduGZSLQOrKNIRElI58SZQ=="", ""tls_raw_peer_certificate"": ""MIH+MIGmoAMCAQICEG3vLiwgsA2EwhiaFtqI9IQwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwP4wsetvUB9BVeB5KGkhFjJJoBjHvOcr3civBrd7vSVCfdzC45I1JUkFbE/V0Cvr3Srw9Govd0OBlmaqWZM0ZjAKBggqhkjOPQQDAgNHADBEAiA+k1x/mgOuo3xlHJ81zNOx/7FqyAa+NzPTyQQOJVWDcAIgNOovDbZqGlCN19pFZjYwqJecVDlCfKe+1zDwKfkvYmw=""}}",127[.]0.0.1:2404,RemoteHost,Rmc-52SPIJ
d56a6d41ab8dd698a4ed4290f7bc49e49cef37704bcc947104e5c7dc33db8c13,Sep peSpe,9/1/2024,Rhadamanthys,NONE,,,
d5c70041e09a2304f4b9fe55ff804d72947e3bfa22b200312d2eae1ca60423bf,Aug guAgu,10/3/2024,Remcos,"{""c2"": [""agosto6.con-ip[.]com:7775""], ""port"": [], ""campaign"": ""AM6R4"", ""mutex"": ""Rmc-5JZDA7"", ""non_standard"": {""c2_list"": ""agosto6.con-ip[.]com:7775:1\u001e"", ""botnet"": ""AM6R4"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-5JZDA7"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""5362EE03FAA36CB4DF3995B084785A49"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICEEXRPyHAU+i0XClFtLLozd0wCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgzAKBggqhkjOPQQDAgNIADBFAiBUcWvaxuUnpbxlhTmWEcnNtczlEXkRbUYoYCN+2VEZ1AIhALym5a5Ib2YXMN1rGi3FQzTjiXDMfTh6IufwChk8n/N9"", ""tls_key"": ""MHcCAQEEILUsPsd+8u6gorQ6vplb6DQet9vOAwT8PHYYn7RI4380oAoGCCqGSM49AwEHoUQDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgw=="", ""tls_raw_peer_certificate"": ""MIIBADCBpqADAgECAhA1EEVwbinJOEquCzdLDyBzMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBDpkDyifvMvFU5G4T3X4NPgXSbjGygT9OXvKUN63IttHTejMFBes+ICPd+lF2i9ExWAYDh5oBbrexLrzNGdz3swCgYIKoZIzj0EAwIDSQAwRgIhAPHte18FxAxdCBRRd8kvfkylLF5k+QOnpkoeqXwRtdOWAiEA00CVbIQ6r4v8EeB0rQ5nIFgk+SYWWjNa+B3sBZoNlzY=""}}",agosto6.con-ip[.]com:7775,AM6R4,Rmc-5JZDA7
d622b2d8d7d33bcc427ced8f3dc2f0458c60131190d401070bc3de8fb3bc5786,43423fdasfdasfa32143242,3/15/2024,Rhadamanthys,NONE,,,
d6362028ce8ee6c56bc74d2d0192d511d5d18f8ade96a70ee40000c26c0c3455,5dsadas435235bgdsgdfbvb3253453425345gfdsgfdgdf,2/27/2024,RisePro,"{""c2"": ""193[.]233.132.10:50500"", ""port"": [], ""campaign"": """", ""mutex"": """", ""non_standard"": {}}",193[.]233.132.10:50500,,
d7530b4cea5801c7bf84d8769dc3e6433d9fc807ae492ca39bd008ea365f16f8,MTGNSGNADS,5/2/2024,HeartCrypt Developer Test Sample,NONE,,,
d754c23ac2b3c2fc55c6debcb9ce7245a36ba569b1a676274f6c90e1492cc497,pavEL3tcOtc,10/30/2024,Remcos,"{""c2"": [""comunion992.linkpc[.]net:3019""], ""port"": [], ""campaign"": ""VERDES"", ""mutex"": ""jefwwoboewfpmefi-FDODC3"", ""non_standard"": {""c2_list"": ""comunion992.linkpc[.]net:3019:0\u001e"", ""botnet"": ""VERDES"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""500000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""jefwwoboewfpmefi-FDODC3"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""registros[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Capturas de pantalla"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 1, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""datos"", ""enable_watchdog_flag"": 0, ""license"": ""B6C491A32A67ABEAF5119B1E1658CBF5"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": """", 
""tls_key"": """", ""tls_raw_peer_certificate"": """"}}",comunion992.linkpc[.]net:3019,VERDES,jefwwoboewfpmefi-FDODC3
d78e3e77e039c6206c59d8de22d5bc897af8eed615e13bd0af33f067e14b8b07,43423fdasfdasfa32143242,9/14/2024,XWorm,"{""c2"": [""stay-daughters.gl.at.ply[.]gg""], ""port"": [""43206""], ""campaign"": """", ""mutex"": ""PBjymWjEWW8oFIIG"", ""non_standard"": {""rhkEz24zVmxeYd"": ""Test@12345%"", ""G2Q4OD9OuS1ix7"": ""<Xwormmm>"", ""NQdO6FQKQTrfBY"": ""3"", ""MO1wYwxg2pEK9P"": ""doms"", ""BSqPS7PZk1tr5C"": ""USB.exe"", ""VRBRK21hxaq4Zx"": ""%AppData%"", ""dI3BxDXZPSBsBb"": ""COM Surrogate.exe"", ""mutex"": ""PBjymWjEWW8oFIIG""}}",stay-daughters.gl.at.ply[.]gg,,PBjymWjEWW8oFIIG
d7cc9dcc8ae28fc65fe7ca41441231501c455dd6e6f2311ffbc8ca6d134f5ac7,Sep111peSpe,9/10/2024,LummaStealer,"{""c2"": [""commisionipwn[.]shop"", ""stitchmiscpaew[.]shop"", ""ignoracndwko[.]shop"", ""grassemenwji[.]shop"", ""charistmatwio[.]shop"", ""basedsymsotp[.]shop"", ""complainnykso[.]shop"", ""preachstrwnwjw[.]shop"", ""dealleromwn[.]shop""], ""port"": [], ""campaign"": ""YT6gHy--"", ""mutex"": """", ""non_standard"": {}}","commisionipwn[.]shop,stitchmiscpaew[.]shop,ignoracndwko[.]shop,grassemenwji[.]shop,charistmatwio[.]shop,basedsymsotp[.]shop,complainnykso[.]shop,preachstrwnwjw[.]shop,dealleromwn[.]shop",YT6gHy--,
d825098c3ec079b7b309155ed35e1e6e59c6bf1ef2144f6ef2a553033a204a54,Edwardsigunecia,8/1/2024,Remcos,"{""c2"": [""5[.]253.86.233:2404""], ""port"": [], ""campaign"": ""RemoteHost"", ""mutex"": ""Rmc-TNTD7F"", ""non_standard"": {""c2_list"": ""5[.]253.86.233:2404:1\u001e"", ""botnet"": ""RemoteHost"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-TNTD7F"", ""keylogger_mode"": 0, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""BFCC82ACB81EE1B7E3DB743B64F95E74"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIIBADCBpqADAgECAhBnzlRFknNCaUDGV34nPxkMMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABF2uBxE4sU+Plc4ONBxFxijoRu6zHKGuxJVI48/B1gKraEehttJ8jeblr95QyQfHsKon1XridBWgPCGLwei529swCgYIKoZIzj0EAwIDSQAwRgIhAOWO+R+wAAjRGyaMAvAIyvFSlpUmChKPeaYdILkkPf34AiEAoHX0hOirP5BrNlw40kUW/zYZ7Z0GOkTLE3HGRNns344="", ""tls_key"": ""MHcCAQEEIKEkCEfu236hoaIs2iT3ZhDbibKRXB96tpdAtuuejW6HoAoGCCqGSM49AwEHoUQDQgAEXa4HETixT4+Vzg40HEXGKOhG7rMcoa7ElUjjz8HWAqtoR6G20nyN5uWv3lDJB8ewqifVeuJ0FaA8IYvB6Lnb2w=="", ""tls_raw_peer_certificate"": ""MIIBADCBpqADAgECAhBlgYW7OuBVrHSS4taexbxVMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCVKk7+iKgzW55xVNMdX+wvwN/X29uA/nQFXEtWoZBB8SoCKDXgnXcAes8xdrgDw087Ydtsr8SerezWE//JkBm0wCgYIKoZIzj0EAwIDSQAwRgIhALd6j47ZQwwnFcfbKDVi6E7GF5FCwTyXjwkayRnPI1J6AiEA0Pg7VYCAPuI//4S9LiLQkU+CXdM1c5rbEl6HDBVKtVc=""}}",5[.]253.86.233:2404,RemoteHost,Rmc-TNTD7F
d84490b501877d621d3bb83299b2b5c3cc49414d6cdb685f0f30d08face21afe,43423fdasfdasfa32143242,3/18/2024,Amadey,"{""c2"": [""185[.]196.10.188"", ""89[.]23.103.42"", ""45[.]159.189.140""], ""port"": [], ""campaign"": """", ""mutex"": """", ""non_standard"": {""key"": ""40bfc938b9af6a10b5f8b3b4398e4941"", ""version"": ""4.18"", ""uri_path"": [""/hb9IvshS/index[.]php""], ""plugins"": [""cred.dll""]}, ""Strings"": [""185[.]196.10.188"", ""/hb9IvshS/index[.]php"", ""89[.]23.103.42"", ""45[.]159.189.140"", ""4.18"", ""S-%lu-"", ""%-lu"", ""-%lu"", ""551e5e2908"", ""Dctooux.exe"", ""SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce"", ""SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders"", ""Startup"", ""cmd /C RMDIR /s/q "", ""SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"", ""rundll32 "", ""Programs"", ""SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders"", ""%USERPROFILE%"", ""\\App"", ""POST"", ""cred.dll|clip.dll|"", ""Main"", ""http://"", ""https://"", ""/Plugins/"", ""&unit="", ""shell32.dll"", ""kernel32.dll"", ""GetNativeSystemInfo"", ""ProgramData\\"", ""AVAST Software"", ""Avira"", ""Kaspersky Lab"", ""ESET"", ""Panda Security"", ""Doctor Web"", ""360TotalSecurity"", ""Bitdefender"", ""Norton"", ""Sophos"", ""Comodo"", ""WinDefender"", ""0123456789"", ""Content-Type: multipart/form-data; boundary=----"", ""------"", ""\r\nContent-Disposition: form-data; name=\""data\""; filename=\"""", ""\""\r\nContent-Type: application/octet-stream\r\n\r\n"", ""\r\n------"", ""--\r\n"", ""?scr=1"", "".jpg"", ""Content-Type: application/x-www-form-urlencoded"", ""SYSTEM\\CurrentControlSet\\Control\\ComputerName\\ComputerName"", ""ComputerName"", ""abcdefghijklmnopqrstuvwxyz0123456789-_"", ""-unicode-"", ""SYSTEM\\CurrentControlSet\\Control\\UnitedVideo\\CONTROL\\VIDEO\\"", ""SYSTEM\\ControlSet001\\Services\\BasicDisplay\\Video"", ""VideoID"", ""\\0000"", ""DefaultSettings[.]XResolution"", ""DefaultSettings[.]YResolution"", 
""SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"", ""ProductName"", ""2019"", ""2022"", ""2016"", ""CurrentBuild"", ""rundll32.exe"", ""\""taskkill /f /im \"""", ""\"" && timeout 1 && del "", ""&& Exit\"""", ""\"" && ren "", "" && "", ""Powershell.exe"", ""-executionpolicy remotesigned -File \"""", ""shutdown -s -t 0"", ""st=s"", ""random""]}","185[.]196.10.188,89[.]23.103.42,45[.]159.189.140",,
da3a95d70153f65481b2ddaf4555ca680183db970a042181af023ad6b11544d0,43423fdasfdasfa32143242,3/15/2024,Remcos,"{""c2"": [""marzo15.con-ip[.]com:7770""], ""port"": [], ""campaign"": ""PENCIL"", ""mutex"": ""Rmc-JGCR4R"", ""non_standard"": {""c2_list"": ""marzo15.con-ip[.]com:7770:1\u001e"", ""botnet"": ""PENCIL"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-JGCR4R"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""9DB6399AA2B7A1B51A8E22BADFB28038"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICEEXRPyHAU+i0XClFtLLozd0wCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgzAKBggqhkjOPQQDAgNIADBFAiBUcWvaxuUnpbxlhTmWEcnNtczlEXkRbUYoYCN+2VEZ1AIhALym5a5Ib2YXMN1rGi3FQzTjiXDMfTh6IufwChk8n/N9"", ""tls_key"": ""MHcCAQEEILUsPsd+8u6gorQ6vplb6DQet9vOAwT8PHYYn7RI4380oAoGCCqGSM49AwEHoUQDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgw=="", ""tls_raw_peer_certificate"": ""MIIBADCBpqADAgECAhA1EEVwbinJOEquCzdLDyBzMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBDpkDyifvMvFU5G4T3X4NPgXSbjGygT9OXvKUN63IttHTejMFBes+ICPd+lF2i9ExWAYDh5oBbrexLrzNGdz3swCgYIKoZIzj0EAwIDSQAwRgIhAPHte18FxAxdCBRRd8kvfkylLF5k+QOnpkoeqXwRtdOWAiEA00CVbIQ6r4v8EeB0rQ5nIFgk+SYWWjNa+B3sBZoNlzY=""}}",marzo15.con-ip[.]com:7770,PENCIL,Rmc-JGCR4R
dada501a3ecd363542202cb3897f0d0152f1481f8f63436ace881031651f8640,LStAFAGTUEACCCb,10/29/2024,Vidar,"{""c2"": [""hXXp://147[.]45.78.18:80"", ""hXXps://tougn[.]website"", ""hXXps://95[.]217.28.72""], ""port"": [], ""campaign"": """", ""mutex"": """", ""Strings"": [], ""non_standard"": {""dead_drop"": [""hXXps://t[.]me/fun88rockskek"", ""hXXps://steamcommunity[.]com/profiles/76561199794498376"", ""hXXps://t[.]me/asg7rd"", ""http://localhost:9223/json""]}}","hXXp://147[.]45.78.18:80,hXXps://tougn[.]website,hXXps://95[.]217.28.72",,
dae577c72041d51f181eeb6f2006c96a426ef2814b73252d089d7826c3ae4812,Edwardsigunecia,9/16/2024,HeartCrypt Developer Test Sample,NONE,,,
daf3764587bb8a9fe64c03699faf852107df6e9abc840b30be4fee77eddd7da7,asrfde,1/6/2024,Remcos,"{""c2"": [""127[.]0.0.1:2404""], ""port"": [], ""campaign"": ""RemoteHost"", ""mutex"": ""Rmc-52SPIJ"", ""non_standard"": {""c2_list"": ""127[.]0.0.1:2404:1\u001e"", ""botnet"": ""RemoteHost"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-52SPIJ"", ""keylogger_mode"": 0, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 2, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": """", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICECyq0dC6qQr+Hv2V9QM3uqcwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdrdLQy42Mpn3IIYRJ2M3+yF21CLyLrOnzJYt9pkS9tD25/19cz99/hh6XbCh/X6lkduGZSLQOrKNIRElI58SZTAKBggqhkjOPQQDAgNIADBFAiEAsNMXIJvWxp997X+wkfoZ+aNRQ/F+y4UKwth7Vn9PPnsCIEy6sU5zohMDu7YRBxvrBk12twTKU7msOfRjcZPv8XLQ"", ""tls_key"": ""MHcCAQEEIPh5Cln/kkGKIQHHvBEywdytsvdqHkePDPk5Ud/t9sAJoAoGCCqGSM49AwEHoUQDQgAEdrdLQy42Mpn3IIYRJ2M3+yF21CLyLrOnzJYt9pkS9tD25/19cz99/hh6XbCh/X6lkduGZSLQOrKNIRElI58SZQ=="", ""tls_raw_peer_certificate"": ""MIH+MIGmoAMCAQICEG3vLiwgsA2EwhiaFtqI9IQwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwP4wsetvUB9BVeB5KGkhFjJJoBjHvOcr3civBrd7vSVCfdzC45I1JUkFbE/V0Cvr3Srw9Govd0OBlmaqWZM0ZjAKBggqhkjOPQQDAgNHADBEAiA+k1x/mgOuo3xlHJ81zNOx/7FqyAa+NzPTyQQOJVWDcAIgNOovDbZqGlCN19pFZjYwqJecVDlCfKe+1zDwKfkvYmw=""}}",127[.]0.0.1:2404,RemoteHost,Rmc-52SPIJ
dba94a0f18f503848c9e2fc452b8bbb5684c49b97e05b83fc159602ef3c970e7,5dsadas435235bgdsgdfbvb3253453425345gfdsgfdgdf,3/14/2024,XWorm,"{""c2"": [""renagtiondo[.]com""], ""port"": [""23567""], ""campaign"": """", ""mutex"": ""CGqHoFf1guTmTU5C"", ""non_standard"": {""KEY"": ""<123456789>"", ""SPL"": ""<Xwormmm>"", ""Sleep"": ""s"", ""Groub"": ""XWorm V5.6"", ""USBNM"": ""USB.exe"", ""InstallDir"": ""%AppData%"", ""InstallStr"": ""PDFF.exe"", ""BTC"": ""bc1qwz99xh7qty8rvy5722fz9atnjlp63ca240a0mr"", ""ETH"": ""0xd7650d785CbB03667634C9982FC26bc1e1a80826"", ""TRC"": ""TFzLoFhDGDiKZgUrKh2U944VU6kYPim8TQ"", ""mutex"": ""CGqHoFf1guTmTU5C""}}",renagtiondo[.]com,,CGqHoFf1guTmTU5C
dbc2d8f4e0808059c5e5481ae74393598e5265167e708b267d907874bd7381c6,s1thebestidiots,4/21/2024,Remcos,"{""c2"": [""127[.]0.0.1:2404""], ""port"": [], ""campaign"": ""RemoteHost"", ""mutex"": ""Rmc-52SPIJ"", ""non_standard"": {""c2_list"": ""127[.]0.0.1:2404:1\u001e"", ""botnet"": ""RemoteHost"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-52SPIJ"", ""keylogger_mode"": 0, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 2, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": """", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICECyq0dC6qQr+Hv2V9QM3uqcwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdrdLQy42Mpn3IIYRJ2M3+yF21CLyLrOnzJYt9pkS9tD25/19cz99/hh6XbCh/X6lkduGZSLQOrKNIRElI58SZTAKBggqhkjOPQQDAgNIADBFAiEAsNMXIJvWxp997X+wkfoZ+aNRQ/F+y4UKwth7Vn9PPnsCIEy6sU5zohMDu7YRBxvrBk12twTKU7msOfRjcZPv8XLQ"", ""tls_key"": ""MHcCAQEEIPh5Cln/kkGKIQHHvBEywdytsvdqHkePDPk5Ud/t9sAJoAoGCCqGSM49AwEHoUQDQgAEdrdLQy42Mpn3IIYRJ2M3+yF21CLyLrOnzJYt9pkS9tD25/19cz99/hh6XbCh/X6lkduGZSLQOrKNIRElI58SZQ=="", ""tls_raw_peer_certificate"": ""MIH+MIGmoAMCAQICEG3vLiwgsA2EwhiaFtqI9IQwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwP4wsetvUB9BVeB5KGkhFjJJoBjHvOcr3civBrd7vSVCfdzC45I1JUkFbE/V0Cvr3Srw9Govd0OBlmaqWZM0ZjAKBggqhkjOPQQDAgNHADBEAiA+k1x/mgOuo3xlHJ81zNOx/7FqyAa+NzPTyQQOJVWDcAIgNOovDbZqGlCN19pFZjYwqJecVDlCfKe+1zDwKfkvYmw=""}}",127[.]0.0.1:2404,RemoteHost,Rmc-52SPIJ
dc204e1b625a80b71bdabdb6bc9904cda994e6ad2b669efbfbc245c2f9044f23,IF_YOU_ARE_READING_THIS_FUCK_OFF),3/15/2024,Remcos,"{""c2"": [""mywhitelab.ddns[.]net:2404""], ""port"": [], ""campaign"": ""RemoteHost"", ""mutex"": ""Rmc-P3DHP4"", ""non_standard"": {""c2_list"": ""mywhitelab.ddns[.]net:2404:1\u001e"", ""botnet"": ""RemoteHost"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-P3DHP4"", ""keylogger_mode"": 0, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""76CBE7285D359B94FA187D4A0248FDDB"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICECyRyF7eZd8k21EDHInPFJcwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEWvjx8vGK4njoiHQ1z+j6O5bz1+3KGZIMTIurUAry+YRjx41T33lV5f+ae1aeMrf/uVtPzK9fPFzZVMh9556HjzAKBggqhkjOPQQDAgNIADBFAiEA9D8wKMGmRIrgUzqxSAvaOYhqDsVyhZPaooTfZx8vtJQCIEScWhjHd2h9yXTrksnkxx3QIhPRczZXs1aIM2Odex/a"", ""tls_key"": ""MHcCAQEEICinRtZvyllBN3avPks8bsCPLqlku+XRNiMpDP1wLXizoAoGCCqGSM49AwEHoUQDQgAEWvjx8vGK4njoiHQ1z+j6O5bz1+3KGZIMTIurUAry+YRjx41T33lV5f+ae1aeMrf/uVtPzK9fPFzZVMh9556Hjw=="", ""tls_raw_peer_certificate"": ""MIH+MIGmoAMCAQICEA3B6oBPtzqQA+NNAOe4Nw0wCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwtQGS/0wQyzwKOJcGKUx3916JpzK7t/dz3KXFwJLmpca1BTLDn92FHtApOjwdtPBupMWEtjPA0OJukA5ieTwSDAKBggqhkjOPQQDAgNHADBEAiAAt05ccyJXffQosR/0hwDQghQqU1WsmHUwugynaAGszgIgXgRjrwX4ey7vA8r1XhOFey3V0EQ3T2HQk64fZqIgFx0=""}}",mywhitelab.ddns[.]net:2404,RemoteHost,Rmc-P3DHP4
dc6439f061339d1addbce55511e88e41081ef6b36c9611e3939d9914bf211e61,gasgff34534c,3/31/2024,RaccoonStealer,"{""c2"": [""hXXp://192[.]227.94.170:80""], ""port"": [], ""campaign"": """", ""mutex"": ""stasvasbas"", ""non_standard"": {""UserAgent"": ""MrBidenNeverKnow""}}",hXXp://192[.]227.94.170:80,,stasvasbas
dcf90d69b4a83839e6b741986745c373a2c386a1a5518cab19133fda1f7f6e16,gasgff34534c,4/4/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""preferenciales12.duckdns[.]org"", """"], ""port"": [""7090""], ""campaign"": ""NEW ENVIO -04"", ""mutex"": ""DcRatMutex_qwqdanchun"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""cGpIdEFVbnpGc0huMGcyY0RQUGFIdjRJNkRQZHhDTmY="", ""MTX"": ""DcRatMutex_qwqdanchun"", ""Certifi_cate"": ""MIICMDCCAZmgAwIBAgIVAMaBeR9P3Ul+SdXWCbf4dEVfPoRFMA0GCSqGSIb3DQEBDQUAMGQxFTATBgNVBAMMDERjUmF0IFNlcnZlcjETMBEGA1UECwwKcXdxZGFuY2h1bjEcMBoGA1UECgwTRGNSYXQgQnkgcXdxZGFuY2h1bjELMAkGA1UEBwwCU0gxCzAJBgNVBAYTAkNOMB4XDTIzMDIwNDE1MDcxN1oXDTMzMTExMzE1MDcxN1owEDEOMAwGA1UEAwwFRGNSYXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKc8o3jPsEuo8oWGV/dKkjetOpEe003VLgZvyH72e4hhVOKpVhCoXfNzypj62QwbJzZNiJEjKbHcMIBTj6FXTcN0crxDt9y9Zkqcv5bHQt7qEhSGlQDWusiPiFi/ZUm5aABL1L3ZDlEq0EomTSE+zogqLxeR4JBAsV0AR4buL7SRAgMBAAGjMjAwMB0GA1UdDgQWBBQmwIernSRvdh/MqJJVki/p4G9lwDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4GBAIQGk5vP6qdN4EaKNY/YrbRS91Tu9QPKlufTNOzSlJxuxr062vtdFPTQylkVTc+MeL3xUB8gBMAixsOc/vHhhjk6N+XsPz/AvA0eRze9Tje1kzVx/fH+uv1/dBFR0/I8hyBB6C1MxQ5E4tNT4z0yGxYsRw0P9j2sVHbmQKMh1R2n"", ""Server_signa_ture"": ""kTuoQ6xsDR9AhHNGYtEudnCCZyGpZ8vS0hEYBKU6nwJlVA6PnSbuZx6Y2z/6y79tx8s8gL92xJmV6rspOyBWBKA7YBxctXFu+R+oUn0vCfjJBK1Ch9zUAhJQpz/FChc18edqb179VV+qVufUIR8GREvQguJwbdcuj2FAH2SOSrY="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""NEW ENVIO -04"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}","preferenciales12.duckdns[.]org,",NEW ENVIO -04,DcRatMutex_qwqdanchun
de36e0af9cd7e32d781be2ab937a7dca33a9f93dcbecd06ff944641e5196c51f,gasgff34534c,5/13/2024,HeartCrypt (Nested Payload),NONE,,,
de643e52474149e2302a1101341bc8b659d2caa60221d8f2d554491fc99566e4,5dsadas435235bgdsgdfbvb3253453425345gfdsgfdgdf,2/27/2024,Vidar,"{""c2"": [""hXXps://65[.]109.11.145""], ""port"": [], ""campaign"": ""402b3d38589286f4a2cedcac64921325"", ""mutex"": """", ""Strings"": [""INSERT_KEY_HERE"", ""GetProcAddress"", ""lstrcatA"", ""OpenEventA"", ""CloseHandle"", ""Sleep"", ""GetUserDefaultLangID"", ""VirtualAllocExNuma"", ""VirtualFree"", ""GetSystemInfo"", ""HeapAlloc"", ""GetComputerNameA"", ""lstrcpyA"", ""GetProcessHeap"", ""GetCurrentProcess"", ""lstrlenA"", ""ExitProcess"", ""GlobalMemoryStatusEx"", ""GetSystemTime"", ""SystemTimeToFileTime"", ""gdi32.dll"", ""user32.dll"", ""crypt32.dll"", ""ntdll.dll"", ""CreateDCA"", ""GetDeviceCaps"", ""ReleaseDC"", ""CryptStringToBinaryA"", ""sscanf"", ""HAL9TH"", ""JohnDoe"", ""DISPLAY"", ""%hu/%hu/%hu"", ""GetEnvironmentVariableA"", ""GetFileAttributesA"", ""GlobalLock"", ""GlobalSize"", ""CreateToolhelp32Snapshot"", ""IsWow64Process"", ""Process32Next"", ""GetLocalTime"", ""GetTimeZoneInformation"", ""GetSystemPowerStatus"", ""GetVolumeInformationA"", ""Process32First"", ""GetLocaleInfoA"", ""GetUserDefaultLocaleName"", ""GetModuleFileNameA"", ""FindNextFileA"", ""SetEnvironmentVariableA"", ""LocalAlloc"", ""GetFileSizeEx"", ""SetFilePointer"", ""FindFirstFileA"", ""VirtualProtect"", ""GetLogicalProcessorInformationEx"", ""GetLastError"", ""MultiByteToWideChar"", ""GlobalFree"", ""WideCharToMultiByte"", ""TerminateProcess"", ""GetCurrentProcessId"", ""rstrtmgr.dll"", ""CreateCompatibleBitmap"", ""SelectObject"", ""BitBlt"", ""DeleteObject"", ""CreateCompatibleDC"", ""GdipGetImageEncodersSize"", ""GdipGetImageEncoders"", ""GdipCreateBitmapFromHBITMAP"", ""GdiplusStartup"", ""GdiplusShutdown"", ""GdipSaveImageToStream"", ""GdipDisposeImage"", ""GetHGlobalFromStream"", ""CreateStreamOnHGlobal"", ""CoUninitialize"", ""CoInitialize"", ""CoCreateInstance"", ""BCryptGenerateSymmetricKey"", ""BCryptCloseAlgorithmProvider"", 
""BCryptDecrypt"", ""BCryptSetProperty"", ""BCryptDestroyKey"", ""BCryptOpenAlgorithmProvider"", ""GetWindowRect"", ""GetDesktopWindow"", ""GetDC"", ""EnumDisplayDevicesA"", ""GetKeyboardLayoutList"", ""CharToOemW"", ""RegQueryValueExA"", ""RegEnumKeyExA"", ""RegOpenKeyExA"", ""RegEnumValueA"", ""CryptBinaryToStringA"", ""CryptUnprotectData"", ""SHGetFolderPathA"", ""InternetOpenUrlA"", ""InternetConnectA"", ""InternetCloseHandle"", ""InternetOpenA"", ""HttpSendRequestA"", ""HttpOpenRequestA"", ""InternetReadFile"", ""InternetCrackUrlA"", ""StrStrA"", ""PathMatchSpecA"", ""GetModuleFileNameExA"", ""RmStartSession"", ""RmRegisterResources"", ""RmEndSession"", ""sqlite3_open"", ""sqlite3_prepare_v2"", ""sqlite3_step"", ""sqlite3_column_text"", ""sqlite3_finalize"", ""sqlite3_close"", ""sqlite3_column_bytes"", ""sqlite3_column_blob"", ""encrypted_key"", ""PATH"", ""C:\\ProgramData\\nss3.dll"", ""NSS_Shutdown"", ""PK11_GetInternalKeySlot"", ""PK11_FreeSlot"", ""PK11_Authenticate"", ""PK11SDR_Decrypt"", ""C:\\ProgramData\\"", ""SELECT origin_url, username_value, password_value FROM logins"", ""Soft: "", ""Host: "", ""Login: "", ""Password: "", ""Opera"", ""OperaGX"", ""Network"", ""Cookies"", "".txt"", ""TRUE"", ""FALSE"", ""SELECT name, value FROM autofill"", ""History"", ""SELECT url FROM urls LIMIT 1000"", ""CC"", ""SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards"", ""Name: "", ""Month: "", ""Year: "", ""Card: "", ""Cookies"", ""Login Data"", ""History"", ""formSubmitURL"", ""usernameField"", ""encryptedUsername"", ""encryptedPassword"", ""guid"", ""SELECT host, isHttpOnly, path, isSecure, expiry, name, value FROM moz_cookies"", ""SELECT fieldname, value FROM moz_formhistory"", ""SELECT url FROM moz_places LIMIT 1000"", ""cookies[.]sqlite"", ""formhistory[.]sqlite"", ""places[.]sqlite"", ""Plugins"", ""Local Extension Settings"", ""Sync Extension Settings"", ""Opera Stable"", ""Opera GX Stable"", ""CURRENT"", 
""chrome-extension_"", ""_0.indexeddb[.]leveldb"", ""profiles[.]ini"", ""chrome"", ""opera"", ""firefox"", ""Wallets"", ""%08lX%04lX%lu"", ""SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"", ""x64"", ""%d/%d/%d %d:%d:%d"", ""HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0"", ""ProcessorNameString"", ""SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"", ""DisplayVersion"", ""msvcp140.dll"", ""softokn3.dll"", ""vcruntime140.dll"", ""\\Temp\\"", "".exe"", ""runas"", ""open"", ""%LOCALAPPDATA%"", ""%USERPROFILE%"", ""%PROGRAMFILES%"", ""%PROGRAMFILES_86%"", ""*.lnk"", ""Files"", ""\\Local Storage\\leveldb\\CURRENT"", ""\\Local Storage\\leveldb"", ""\\Telegram Desktop\\"", ""D877F783D5D3EF8C*"", ""map*"", ""A7FDF864FBC10B77*"", ""A92DAA6EA6F891F2*"", ""F8806DD0C461824F*"", ""Tox"", ""*.tox"", ""*.ini"", ""Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Office\\13.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Office\\14.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Office\u000e.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676\\"", ""\\Outlook\\accounts[.]txt"", ""Pidgin"", ""accounts[.]xml"", ""token: "", ""Software\\Valve\\Steam"", ""ssfn*"", ""config[.]vdf"", ""DialogConfig[.]vdf"", ""DialogConfigOverlay*.vdf"", ""libraryfolders[.]vdf"", ""loginusers[.]vdf"", ""\\Steam\\"", ""\\Discord\\tokens[.]txt"", ""/c timeout /t 5 & del /f /q \"""", ""\"" & del \""C:\\ProgramData\\*.dll\""\"" & exit"", ""C:\\Windows\\system32\\cmd.exe"", ""Content-Type: multipart/form-data; boundary=----"", ""Content-Disposition: form-data; name=\"""", ""build"", ""token"", ""message"", ""ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"", ""screenshot[.]jpg"", ""\u0004\u00004\u0000 
\u0000e\u0000*\u0000\u001a\u0000S\u0000^\u0000A\u0000*\u0000\u001e\u0000+\u0000\f\u0000T\u00002\u0000i\u0000"", ""\u0004\u00004\u0000 \u0000e\u0000\u0007\u0000\u001d\u0000S\u0000Z\u0000L\u0000'\u0000\u000b\u0000!\u0000\f\u0000M\u0000$\u0000n\u0000""], ""non_standard"": {""dead_drop"": [""hXXps://steamcommunity[.]com/profiles/76561199644883218"", ""hXXps://t[.]me/neoschats""], ""version"": ""8""}}",hXXps://65[.]109.11.145,402b3d38589286f4a2cedcac64921325,
df58d81c1f9e99e829b04af328c72cce4fbc6ee848b0c7df150113d9e52c0d49,btaappoioti4989321mfdkfdsa9fdsfdasfj29384023423kjldfsfds,3/21/2024,Rhadamanthys,NONE,,,
df8049f5d37d2099ecf39ede46f5d3a9d96b17dd2b0b3819ec9e6762bc1127bc,Edwardsigunecia,9/12/2024,LummaStealer,"{""c2"": [""commisionipwn[.]shop"", ""stitchmiscpaew[.]shop"", ""ignoracndwko[.]shop"", ""grassemenwji[.]shop"", ""charistmatwio[.]shop"", ""basedsymsotp[.]shop"", ""complainnykso[.]shop"", ""preachstrwnwjw[.]shop"", ""commisionipwn[.]shop""], ""port"": [], ""campaign"": ""sG8pjw--natividade"", ""mutex"": """", ""non_standard"": {}}","commisionipwn[.]shop,stitchmiscpaew[.]shop,ignoracndwko[.]shop,grassemenwji[.]shop,charistmatwio[.]shop,basedsymsotp[.]shop,complainnykso[.]shop,preachstrwnwjw[.]shop,commisionipwn[.]shop",sG8pjw--natividade,
dfe9ac9d0d6304a92daaaff1b65178ed1e62cbac44583b773cb1292051c21cfb,fuckSsentinc,10/7/2024,Remcos,"{""c2"": [""faststaynow.duckdns[.]org:5057""], ""port"": [], ""campaign"": ""RemoteHost"", ""mutex"": ""Rmc-S12O6G"", ""non_standard"": {""c2_list"": ""faststaynow.duckdns[.]org:5057:1\u001e"", ""botnet"": ""RemoteHost"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-S12O6G"", ""keylogger_mode"": 0, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""98EC66814E23E9B7A397C9E963BD6058"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIIBADCBpqADAgECAhA7OOdojOxe2eFf1fBG8unqMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABMlwYNqi/kB2yHbLkSIaj62DuH8tNsGJtxSuR6KsQ3+QJqencvlnxmq4JSn0+0EWn6qYh91HDXc22c7iyzRaEAIwCgYIKoZIzj0EAwIDSQAwRgIhAMpY9EFZZyowr8JD/tfrVMIBv4+x9mt/uwy3pHheXiJnAiEAvtFSG9ZI80yr/xBVmsCowUep5gh0yqsHxGbiECltYa4="", ""tls_key"": ""MHcCAQEEIF/IHegOCgW4VlmidNOEm55kYkyVa1N+0dDsbs3GvTTzoAoGCCqGSM49AwEHoUQDQgAEyXBg2qL+QHbIdsuRIhqPrYO4fy02wYm3FK5HoqxDf5Amp6dy+WfGarglKfT7QRafqpiH3UcNdzbZzuLLNFoQAg=="", ""tls_raw_peer_certificate"": ""MIH/MIGmoAMCAQICEDt3f464f3YMZvUA1RndTL0wCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEbpBewVrTUruPeTu0Il4Zo1lBqYCGABwclAqrpyun3x3MmUMgSDpwfLIGdqnw3yeXPCAa63awhWnmavkJOPzOBjAKBggqhkjOPQQDAgNIADBFAiEAhJsaTjAoa4DD/+k42Z8z2LhqSlzRaFd1bYA7nDJSulwCIFR+vFBl+ZJ5L7xZDB7iNHujHArvRTDFU9gCGvXIT8SK""}}",faststaynow.duckdns[.]org:5057,RemoteHost,Rmc-S12O6G
e0bff837ffc9cdaeadec0987da697923356ff7134ddef075325fedfe0f4c910c,ANDREYISNOTHAPPEITE,8/6/2024,Rhadamanthys,NONE,,,
e0d1f8817a29fcd6e49c38a59b3828bfc9a76a49167e545307b79bfb387d0ec5,Aug222guAgu,8/24/2024,HeartCrypt Developer Test Sample,NONE,,,
e0dce2c77838ca85988193df3fdf60a9e8d3124564700a5daaa466cdaf5392fb,DAEXo1tcOtc,10/18/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""septiembre162.con-ip[.]com""], ""port"": [""2727""], ""campaign"": ""NUEVO"", ""mutex"": ""DcRatMutex_qwqdanchun"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""Ykh2Y2pTc2dYdXlwY1VjTnpqTFFnOUR4bWRER1JMclU="", ""MTX"": ""DcRatMutex_qwqdanchun"", ""Certifi_cate"": ""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"", ""Server_signa_ture"": ""LS52L+x8T94zd3o9AsbRk3m6xVOX7mKXy+dxu13pZTfoVfMgM4iYxCrElMCx8yj+vaVD/DIFYAKkj6hucmeFbiKhh8xmfRI+jZ+66B6L9q0SFjkZa6iJGdf/+W/HRRrLhNRTfi2RefdooWdDgFf4ItXS8s1npTzThHqfZxdZT5M="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""NUEVO"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",septiembre162.con-ip[.]com,NUEVO,DcRatMutex_qwqdanchun
e0f8597fbde807a20dd853711c5cfda779eb18d389277c4a2db63948202723f7,gasgff34534c,5/17/2024,VenomRat,"{""c2"": [""5[.]253.84.218""], ""port"": [""7878""], ""campaign"": ""Venom Clients"", ""mutex"": ""Venom_RAT_HVNC_Mutex_Venom RAT_HVNC"", ""non_standard"": {""Ver_sion"": "" 5.0.5"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""R2dMMkE2bWZFM2tqUXNvVFlIZ1dndkdVRnVzc0VZTVE="", ""MTX"": ""Venom_RAT_HVNC_Mutex_Venom RAT_HVNC"", ""Certifi_cate"": ""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"", ""Server_signa_ture"": ""JbjyaenRZqyofXViTjq0o4nz0FguHD5++LdnbPY/ba0m6FWvt1YdjrQVb+ltesJJOeK+s9HrD5wsboh3TSLa+R78kEN0zncwaWQ5Lm7KTvEMNeJbEst/RrGwnHLjRIr0fpovG4xGazS+ZYKIHrhIka+OxFAwm47MGV0B1/dKitA="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""Venom Clients"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",5[.]253.84.218,Venom Clients,Venom_RAT_HVNC_Mutex_Venom RAT_HVNC
e11a0afc8d50c55f0c879bd0c9e5a0e3fe218fd47a30fd4128f4cbf5f817dd65,xCeDs2tcOtc,10/22/2024,Remcos,"{""c2"": [""pruebaoctubrenuevo.ydns[.]eu:3018""], ""port"": [], ""campaign"": ""clavel"", ""mutex"": ""jhatgdyhjaoplgdnyujdzjgd-QP3IZC"", ""non_standard"": {""c2_list"": ""pruebaoctubrenuevo.ydns[.]eu:3018:0\u001e"", ""botnet"": ""clavel"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""500000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""jhatgdyhjaoplgdnyujdzjgd-QP3IZC"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""registros[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Capturas de pantalla"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 1, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""datos"", ""enable_watchdog_flag"": 0, ""license"": ""B6C491A32A67ABEAF5119B1E1658CBF5"", ""enable_screenshot_mouse_drawing_flag"": 0, 
""tls_raw_certificate"": """", ""tls_key"": """", ""tls_raw_peer_certificate"": """"}}",pruebaoctubrenuevo.ydns[.]eu:3018,clavel,jhatgdyhjaoplgdnyujdzjgd-QP3IZC
e1431911ef43d4af90f89b0adfdccea150bbcd0fd0eb57907878ec5c4573038c,DSE222peSpe,9/25/2024,RedlineStealer,"{""c2"": [""45[.]77.166.78:44506""], ""port"": [], ""campaign"": ""xx.2"", ""mutex"": """", ""non_standard"": {""ID"": ""xx.2"", ""Message"": """", ""Key"": ""Wipers"", ""Version"": ""1""}}",45[.]77.166.78:44506,xx.2,
e2f48a73e05008fdc0391d8f982cfb44c3b8eca591377179bb53059879fd1430,gasgff34534c,9/24/2024,XWorm,"{""c2"": [""winswerx1.duckdns[.]org"", ""fantasmads.ddns[.]net"", ""xmagoo.duckdns[.]org""], ""port"": [""7000""], ""campaign"": """", ""mutex"": ""DVEG7hVEGQc0xBEL"", ""non_standard"": {""OS3oMThyfjInYrU6aQFL0oM6UihqIVR0LZr5"": ""<123456789>"", ""fI9fdDsM84i9xVruwhLsxvtZSXjgdpcBej8D"": ""<Xwormmm>"", ""xUUnqSuAkWSur6Ctb0YQSxUOgOkfvIS85r46"": ""3"", ""NcDdGOL3VjLYeJ47PU2epm6CxhkjH53iMOTu"": ""XWorm V5.6"", ""TySjTZWCK8APCE9YUX34CUQwDCTjElzTSKMm"": ""USB.exe"", ""00UzNf0c2hwLu7XuZvrdqTkyQVMQfjSBOg89"": ""6830598656:AAHMVY4254WoImLzucSTxvPyGlPrXZkW6lQ"", ""kRBF0IlSqxEaDurJb9nUgJk3stS1MSes7tTw"": ""5162530954"", ""mutex"": ""DVEG7hVEGQc0xBEL""}}","winswerx1.duckdns[.]org,fantasmads.ddns[.]net,xmagoo.duckdns[.]org",,DVEG7hVEGQc0xBEL
e3f51122f1c4ce17d243e0262e948cf4ee991f3f49e44cb8d276decacf14f3dd,5dsadas435235bgdsgdfbvb3253453425345gfdsgfdgdf,2/17/2024,HeartCrypt Developer Test Sample,NONE,,,
e4348ea6b4e98e96760105b7b9c9612370ac3a338bdca989e98fff87612c4d3d,5dsadas435235bgdsgdfbvb3253453425345gfdsgfdgdf,3/13/2024,AsyncRat,"{""c2"": [""pepecasas123[.]net"", ""pepecasas123.mywire[.]org""], ""port"": [""4608""], ""campaign"": ""me spread new new new"", ""mutex"": ""AsyncMutex_2382"", ""non_standard"": {""Version"": ""AsyncRAT"", ""Install"": ""false"", ""InstallFolder"": ""%AppData%"", ""InstallFile"": ""pepe.exe"", ""Key"": ""Q084Z1BNam5idXRpRlVmclMzVjc3R0FxUXlWSnNkZmQ="", ""MTX"": ""AsyncMutex_2382"", ""Certificate"": ""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"", ""Serversignature"": ""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"", ""Anti"": ""false"", ""offlineKL"": ""true"", ""clipper"": ""false"", ""btc"": ""BTC_Address"", ""eth"": ""ETH_Address"", ""TRC"": ""TRC20_Address"", ""Pastebin"": ""null"", ""BDOS"": ""false"", ""Hwid"": 0, ""Delay"": ""3"", ""Group"": ""me spread new new new""}}","pepecasas123[.]net,pepecasas123.mywire[.]org",me spread new new new,AsyncMutex_2382
e5c752c17a8553d77b0751b49ecdcde62e10978185c9f3cdd7b253a92096b09c,Edwardsigunecia,5/27/2024,Rhadamanthys,NONE,,,
e5f6b05e58adcca40c37a12ebd6b930d50d99d6e913fdfa46dc852318940c2b4,fuckSsentinc,10/23/2024,HeartCrypt Developer Test Sample,NONE,,,
e6fe3b4fadb70e524e14f05582fbcf5109a1c9e77160a89078d4d6eb09a8a667,gasgff34534c,10/3/2024,RedlineStealer,NONE,,,
e75b1a0848b1250d747c6ab6ba1c1fdd13cc7a3b1aafca9638a2ba1d3b958e8f,NACSKKETTAF,8/21/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""wins22jul.duckdns[.]org""], ""port"": [""9004""], ""campaign"": ""24 JULIO NEWS"", ""mutex"": ""GTSDYFYHREYQERWY"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""ckZjUDZkZjExazdyeWpOUHRMbGNLenVQRlk2NlVLWlM="", ""MTX"": ""GTSDYFYHREYQERWY"", ""Certifi_cate"": ""MIICMDCCAZmgAwIBAgIVALv/XcwQnmQIwA3z8xW4ctTaHXVBMA0GCSqGSIb3DQEBDQUAMGQxFTATBgNVBAMMDERjUmF0IFNlcnZlcjETMBEGA1UECwwKcXdxZGFuY2h1bjEcMBoGA1UECgwTRGNSYXQgQnkgcXdxZGFuY2h1bjELMAkGA1UEBwwCU0gxCzAJBgNVBAYTAkNOMB4XDTIyMTAyMjIxNTY1NVoXDTMzMDczMTIxNTY1NVowEDEOMAwGA1UEAwwFRGNSYXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAIHPo9UElAeRw3cSGFuu04tmut2qVTmi9Jrgi/GqS0nhXmdp7dHiHatr+O8Ky6kFbRw3Od4qorPE48u+VlPHuwGMWSDHWvsNuvisquspvO+bKwNT4Nha26lWX+GEyE6RaYJN4dO3QuL0BxT6wcd6g22ZJl/0uugFGnSbJEm0SRtNAgMBAAGjMjAwMB0GA1UdDgQWBBQbaxfiE1h/zzfdLHK2Y9C2qyy8ITAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4GBAFcWnogvkrMkdwkiJLc7kR6ntspay88jl/0EkB+JQu9+WJx0poJDW5wTagTKIbPu19sloMAf1rJPmIZ+gn3AhRFowfy+YOT2Bxxjklv9Y+zu3rkXbWcqzH+t4A0V3mbQSgD8K5Ulgrgn35gUcCdC5kymRjwdrKfy3Qk1MIIrtqJP"", ""Server_signa_ture"": ""IVxxDcG6UHXW2FXPIcNI4ahd1Et5M1XRnKPSwuSNXt7o0OUV7+5/dM47q2U2q3rhuJda/kCduqN+wAaZznLNcfuJhTQA7kjVm9cHd2DTq436n2WqHJA0HhyxF9MrDYOeuzquFjIJowPuZ7GhykgDbm8t4Xy4AUp/vasbC7JIaUM="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""24 JULIO NEWS"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",wins22jul.duckdns[.]org,24 JULIO NEWS,GTSDYFYHREYQERWY
e8470ee5c32ee353798a80f6d0d5257ea7b872bd446c520c0e2aac90fef87b7e,EXC tcOtc,10/24/2024,Remcos,"{""c2"": [""gilbertomartinezlora09.con-ip[.]com:1880""], ""port"": [], ""campaign"": ""LOS BREEE"", ""mutex"": ""Rmc-SHS1PL"", ""non_standard"": {""c2_list"": ""gilbertomartinezlora09.con-ip[.]com:1880:1\u001e"", ""botnet"": ""LOS BREEE"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-SHS1PL"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""6F1EDFB348C95F54B26B789C5C0862D6"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIIBADCBpqADAgECAhA/bK072R8ULSeOSr5wUkeEMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABA6VI2iU8kQnjaxGQYZ1oOLiaXXpoQjtj7hJtuy1r3G/TBrRcCL/wyrO0LmSJpiu7EB437pCrDvLOwjUeG7tMkYwCgYIKoZIzj0EAwIDSQAwRgIhAOSn37JeyD+DIWNHGE1xcYdm1RrQ8TT8hiLd9UIfm9uuAiEA7GC6L19W5lN5cfD3Rh2Ior++WuiLxQwnvw7H9AP/egA="", ""tls_key"": ""MHcCAQEEIJG09kVEQDINj8+wjHIe85JcOXQro5U9++N24NOCtOYMoAoGCCqGSM49AwEHoUQDQgAEDpUjaJTyRCeNrEZBhnWg4uJpdemhCO2PuEm27LWvcb9MGtFwIv/DKs7QuZImmK7sQHjfukKsO8s7CNR4bu0yRg=="", ""tls_raw_peer_certificate"": ""MIH/MIGmoAMCAQICED1NkqG7jUVs6UE+9lfC9FgwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECd6OUnfQld2gC9x8EQRhtR8SxJVg8oG9XKYRGj3Bl2o3nxXg5UX+DJrxL2ck0tBmDDoUhbl6AoiS4LqLq0jehDAKBggqhkjOPQQDAgNIADBFAiBPs4LgiRbRQ2McVsYAzfd/Q/h5nMAd2ZznwiDFiFSGBQIhANcDTxlBaY+lmnofU7TMD8RRqIs9H3Tqnu3QRNLrm6d0""}}",gilbertomartinezlora09.con-ip[.]com:1880,LOS BREEE,Rmc-SHS1PL
e891320afc71746992cafbe3899c54999838519170e2ba3f1cc57ef5994b085d,Aug222guAgu,8/29/2024,LummaStealer,"{""c2"": [""caffegclasiqwp[.]shop"", ""stamppreewntnq[.]shop"", ""stagedchheiqwo[.]shop"", ""millyscroqwp[.]shop"", ""evoliutwoqm[.]shop"", ""condedqpwqm[.]shop"", ""traineiwnqo[.]shop"", ""locatedblsoqp[.]shop"", ""applieddyooqnz[.]shop""], ""port"": [], ""campaign"": ""YT6gHy--"", ""mutex"": """", ""non_standard"": {}}","caffegclasiqwp[.]shop,stamppreewntnq[.]shop,stagedchheiqwo[.]shop,millyscroqwp[.]shop,evoliutwoqm[.]shop,condedqpwqm[.]shop,traineiwnqo[.]shop,locatedblsoqp[.]shop,applieddyooqnz[.]shop",YT6gHy--,
e8b934b5f4eb3c40b83521360f41d8950875b71607ba38cb72a9562fadff4473,EFF333peSpe,10/1/2024,Remcos,"{""c2"": [""mariobenjumealora09.con-ip[.]com:1880""], ""port"": [], ""campaign"": ""LOS BREEE"", ""mutex"": ""Rmc-B9JZGA"", ""non_standard"": {""c2_list"": ""mariobenjumealora09.con-ip[.]com:1880:1\u001e"", ""botnet"": ""LOS BREEE"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-B9JZGA"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""6F1EDFB348C95F54B26B789C5C0862D6"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIIBADCBpqADAgECAhA/bK072R8ULSeOSr5wUkeEMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABA6VI2iU8kQnjaxGQYZ1oOLiaXXpoQjtj7hJtuy1r3G/TBrRcCL/wyrO0LmSJpiu7EB437pCrDvLOwjUeG7tMkYwCgYIKoZIzj0EAwIDSQAwRgIhAOSn37JeyD+DIWNHGE1xcYdm1RrQ8TT8hiLd9UIfm9uuAiEA7GC6L19W5lN5cfD3Rh2Ior++WuiLxQwnvw7H9AP/egA="", ""tls_key"": ""MHcCAQEEIJG09kVEQDINj8+wjHIe85JcOXQro5U9++N24NOCtOYMoAoGCCqGSM49AwEHoUQDQgAEDpUjaJTyRCeNrEZBhnWg4uJpdemhCO2PuEm27LWvcb9MGtFwIv/DKs7QuZImmK7sQHjfukKsO8s7CNR4bu0yRg=="", ""tls_raw_peer_certificate"": ""MIH/MIGmoAMCAQICED1NkqG7jUVs6UE+9lfC9FgwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECd6OUnfQld2gC9x8EQRhtR8SxJVg8oG9XKYRGj3Bl2o3nxXg5UX+DJrxL2ck0tBmDDoUhbl6AoiS4LqLq0jehDAKBggqhkjOPQQDAgNIADBFAiBPs4LgiRbRQ2McVsYAzfd/Q/h5nMAd2ZznwiDFiFSGBQIhANcDTxlBaY+lmnofU7TMD8RRqIs9H3Tqnu3QRNLrm6d0""}}",mariobenjumealora09.con-ip[.]com:1880,LOS BREEE,Rmc-B9JZGA
e9b07ed4490fea74cf5b0bb98bbe1f3d0262f68f3df3bf32ab2df978a1005969,43423fdasfdasfa32143242,7/29/2024,XWorm,"{""c2"": [""front-nature.gl.at.ply[.]gg""], ""port"": [""26967""], ""campaign"": """", ""mutex"": ""Nu4URdpSB9ta1qe1"", ""non_standard"": {""KEY"": ""<>"", ""SPL"": ""<Xwormmm>"", ""Sleep"": ""3"", ""Groub"": ""XWorm V5.6"", ""USBNM"": ""usbupdater.exe"", ""InstallDir"": ""%ProgramData%"", ""InstallStr"": ""msedge.exe"", ""BTC"": ""bc1qyrkl2d6y5szrmqdhc4tv5jjavgyrtlcu072d73"", ""ETH"": ""ETH_Address"", ""TRC"": ""TRC20_Address"", ""mutex"": ""Nu4URdpSB9ta1qe1""}}",front-nature.gl.at.ply[.]gg,,Nu4URdpSB9ta1qe1
ea9d43358580e77ba214782691e1d2a4a258efc5c22a9e9dd526aa0649419ba0,CROWDSTRIKE,4/22/2024,Remcos,"{""c2"": [""robertobarbosalora09.con-ip[.]com:1880""], ""port"": [], ""campaign"": ""NUEVO"", ""mutex"": ""Rmc-II91MK"", ""non_standard"": {""c2_list"": ""robertobarbosalora09.con-ip[.]com:1880:1\u001e"", ""botnet"": ""NUEVO"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-II91MK"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""C990048C9793413BD33973486B91E57F"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIIBADCBpqADAgECAhA/bK072R8ULSeOSr5wUkeEMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABA6VI2iU8kQnjaxGQYZ1oOLiaXXpoQjtj7hJtuy1r3G/TBrRcCL/wyrO0LmSJpiu7EB437pCrDvLOwjUeG7tMkYwCgYIKoZIzj0EAwIDSQAwRgIhAOSn37JeyD+DIWNHGE1xcYdm1RrQ8TT8hiLd9UIfm9uuAiEA7GC6L19W5lN5cfD3Rh2Ior++WuiLxQwnvw7H9AP/egA="", ""tls_key"": ""MHcCAQEEIJG09kVEQDINj8+wjHIe85JcOXQro5U9++N24NOCtOYMoAoGCCqGSM49AwEHoUQDQgAEDpUjaJTyRCeNrEZBhnWg4uJpdemhCO2PuEm27LWvcb9MGtFwIv/DKs7QuZImmK7sQHjfukKsO8s7CNR4bu0yRg=="", ""tls_raw_peer_certificate"": ""MIH/MIGmoAMCAQICED1NkqG7jUVs6UE+9lfC9FgwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECd6OUnfQld2gC9x8EQRhtR8SxJVg8oG9XKYRGj3Bl2o3nxXg5UX+DJrxL2ck0tBmDDoUhbl6AoiS4LqLq0jehDAKBggqhkjOPQQDAgNIADBFAiBPs4LgiRbRQ2McVsYAzfd/Q/h5nMAd2ZznwiDFiFSGBQIhANcDTxlBaY+lmnofU7TMD8RRqIs9H3Tqnu3QRNLrm6d0""}}",robertobarbosalora09.con-ip[.]com:1880,NUEVO,Rmc-II91MK
eaa103a6a63dad21dc2baf4bd6b4d74fc589f4a1371c81899edce25c27f62268,MTGNSGNADS,5/3/2024,Unknown .NET Loader,NONE,,,
eada4d07fcd5f9254873d857f9fd658a160e3b04f3568a295901c0337004622d,Sep111peSpe,10/10/2024,LummaStealer,"{""c2"": [""absorptioniw[.]site"", ""mysterisop[.]site"", ""snarlypagowo[.]site"", ""treatynreit[.]site"", ""chorusarorp[.]site"", ""abnomalrkmu[.]site"", ""soldiefieop[.]site"", ""questionsmw[.]store"", ""mysterisop[.]site""], ""port"": [], ""campaign"": ""6N4MYP--Feliz-2-Oct"", ""mutex"": """", ""non_standard"": {}}","absorptioniw[.]site,mysterisop[.]site,snarlypagowo[.]site,treatynreit[.]site,chorusarorp[.]site,abnomalrkmu[.]site,soldiefieop[.]site,questionsmw[.]store,mysterisop[.]site",6N4MYP--Feliz-2-Oct,
eb287ca6bc137141d82775a34ad1cd2f2aa10a22defae90c113a74ed38dda208,Sep111peSpe,9/23/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""doctorganador.duckdns[.]org""], ""port"": [""6600""], ""campaign"": ""ONE WORD"", ""mutex"": ""DcRatMutex_qwqdAKnsAJndk5aroiiswi499343"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": ""SEPTIEMBRE.exe"", ""Key"": ""M0d1b212bkNRazVRN1NoOXA3Rmt0Wm01dkMyU3Z1Vlc="", ""MTX"": ""DcRatMutex_qwqdAKnsAJndk5aroiiswi499343"", ""Certifi_cate"": ""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"", ""Server_signa_ture"": ""RKGPo3JraeWQTEnKvcFdxuSyFqvHD5Tqdlm+2WGXjNW1tF9b3LAMHCOnc/OkroeKVJxYZ1C74N/kgOh8hb8zHwBYdq9edEsb/1nKuOiavDwI8JGm3ROoBnbmfXano1JWCGkUuQ4PoB8nOE5jko+QRt9wfmgJcIYwNn6QzVrPrCM="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""ONE WORD"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",doctorganador.duckdns[.]org,ONE WORD,DcRatMutex_qwqdAKnsAJndk5aroiiswi499343
ebe7bff77210dc2a0abbfd66b0d177199196a7f1b07701ebd4bef9a04bbbc411,gasgff34534c,6/17/2024,DanaBot,NONE,,,
ec8344a4125b21078498e0eece9384d98601f07f2a5b59d063dad7688102fd1d,,1/1/2024,HeartCrypt Developer Test Sample,NONE,,,
eccb22533708e9915223c46a48b932ca1707c04e4b47a4371d2f8b1acac3bd2f,Edwardsigunecia,9/9/2024,RedlineStealer,"{""c2"": [""45[.]89.53.206:4663""], ""port"": [], ""campaign"": ""alpha003"", ""mutex"": """", ""non_standard"": {""ID"": ""alpha003"", ""Message"": """", ""Key"": ""Prettyish"", ""Version"": ""1""}}",45[.]89.53.206:4663,alpha003,
ed5e523acba44de27161183c6d947d65f73a11fabf39524a9b23b25fef951cfe,DOaEF1tcOtc,10/15/2024,Remcos,"{""c2"": [""assaasjdnsubdcdy.con-ip[.]com:1667""], ""port"": [], ""campaign"": ""Voltarger"", ""mutex"": ""Rmc-6611TX"", ""non_standard"": {""c2_list"": ""assaasjdnsubdcdy.con-ip[.]com:1667:1\u001e"", ""botnet"": ""Voltarger"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-6611TX"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""86CDB103BEE8F4F4E4BB432E59BB138D"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICEEXRPyHAU+i0XClFtLLozd0wCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgzAKBggqhkjOPQQDAgNIADBFAiBUcWvaxuUnpbxlhTmWEcnNtczlEXkRbUYoYCN+2VEZ1AIhALym5a5Ib2YXMN1rGi3FQzTjiXDMfTh6IufwChk8n/N9"", ""tls_key"": ""MHcCAQEEILUsPsd+8u6gorQ6vplb6DQet9vOAwT8PHYYn7RI4380oAoGCCqGSM49AwEHoUQDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgw=="", ""tls_raw_peer_certificate"": ""MIIBADCBpqADAgECAhA1EEVwbinJOEquCzdLDyBzMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBDpkDyifvMvFU5G4T3X4NPgXSbjGygT9OXvKUN63IttHTejMFBes+ICPd+lF2i9ExWAYDh5oBbrexLrzNGdz3swCgYIKoZIzj0EAwIDSQAwRgIhAPHte18FxAxdCBRRd8kvfkylLF5k+QOnpkoeqXwRtdOWAiEA00CVbIQ6r4v8EeB0rQ5nIFgk+SYWWjNa+B3sBZoNlzY=""}}",assaasjdnsubdcdy.con-ip[.]com:1667,Voltarger,Rmc-6611TX
edd192a65b9a5d7df1076294077e896a872bf8c6c1ab8799415f1ddaf32e0144,XsxLO1tcOtc,10/16/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""pt4040.4cloud[.]click""], ""port"": [""4004""], ""campaign"": ""Z-Oct-16"", ""mutex"": ""DcRatMutex_qwqdanchun"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""eEE3ZWRWeE9kc1hnUnlLeWJxc2dzSVJyZVRySDdxaUo="", ""MTX"": ""DcRatMutex_qwqdanchun"", ""Certifi_cate"": ""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"", ""Server_signa_ture"": ""E62w49+hwqLNB3xW6oqo6sgpAmRRkPJ1sBm9Qk6CcaUrk0R5Uuu8TePdWMJKORIOCL36xAY2oY+iYnU20QHuZFDVkVULG2TUCJcbj/ksJZLbbfNa1z/Nt6lVIl1yZu4Ukx7HVduz83+bbvMBXAqrZo5MkxBvbs0+l/kXSK0msdA="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""Z-Oct-16"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",pt4040.4cloud[.]click,Z-Oct-16,DcRatMutex_qwqdanchun
ede149b1de958af88945f4744c1d95584615686a6db9d914069c0c7227ebe56b,Aug222guAgu,8/21/2024,XWorm,"{""c2"": [""xwrmsistem.duckdns[.]org""], ""port"": [""7000""], ""campaign"": """", ""mutex"": ""3wMQuoPMT069qkfP"", ""non_standard"": {""KEY"": ""<123456789>"", ""SPL"": ""<Xwormmm>"", ""Sleep"": ""3"", ""Groub"": ""ENVIO"", ""USBNM"": ""USB.exe"", ""mutex"": ""3wMQuoPMT069qkfP""}}",xwrmsistem.duckdns[.]org,,3wMQuoPMT069qkfP
ee11fbe9cc5f57380f27c7fb2b17e5b4e7b0ec6cd1449d3860a5e8902c13ac2c,MTGNSGNADS,6/24/2024,Vidar,"{""c2"": [""hXXps://steamcommunity[.]com/profiles/76561199699680841"", ""hXXps://t[.]me/memve4erin""], ""port"": [], ""campaign"": ""a1f03eedd789a0a461a24566b6c35aea"", ""mutex"": """", ""Strings"": [""GetProcAddress"", ""LoadLibraryA"", ""lstrcatA"", ""OpenEventA"", ""CreateEventA"", ""CloseHandle"", ""Sleep"", ""GetUserDefaultLangID"", ""VirtualAllocExNuma"", ""VirtualFree"", ""GetSystemInfo"", ""VirtualAlloc"", ""HeapAlloc"", ""GetComputerNameA"", ""lstrcpyA"", ""GetProcessHeap"", ""GetCurrentProcess"", ""lstrlenA"", ""ExitProcess"", ""GlobalMemoryStatusEx"", ""GetSystemTime"", ""SystemTimeToFileTime"", ""advapi32.dll"", ""gdi32.dll"", ""user32.dll"", ""crypt32.dll"", ""ntdll.dll"", ""GetUserNameA"", ""CreateDCA"", ""GetDeviceCaps"", ""ReleaseDC"", ""CryptStringToBinaryA"", ""sscanf"", ""NtQueryInformationProcess"", ""VMwareVMware"", ""HAL9TH"", ""JohnDoe"", ""DISPLAY"", ""%hu/%hu/%hu"", ""GetEnvironmentVariableA"", ""GetFileAttributesA"", ""GlobalLock"", ""HeapFree"", ""GetFileSize"", ""GlobalSize"", ""CreateToolhelp32Snapshot"", ""IsWow64Process"", ""Process32Next"", ""GetLocalTime"", ""FreeLibrary"", ""GetTimeZoneInformation"", ""GetSystemPowerStatus"", ""GetVolumeInformationA"", ""GetWindowsDirectoryA"", ""Process32First"", ""GetLocaleInfoA"", ""GetUserDefaultLocaleName"", ""GetModuleFileNameA"", ""DeleteFileA"", ""FindNextFileA"", ""LocalFree"", ""FindClose"", ""SetEnvironmentVariableA"", ""LocalAlloc"", ""GetFileSizeEx"", ""ReadFile"", ""SetFilePointer"", ""WriteFile"", ""CreateFileA"", ""FindFirstFileA"", ""CopyFileA"", ""VirtualProtect"", ""GetLogicalProcessorInformationEx"", ""GetLastError"", ""lstrcpynA"", ""MultiByteToWideChar"", ""GlobalFree"", ""WideCharToMultiByte"", ""GlobalAlloc"", ""OpenProcess"", ""TerminateProcess"", ""GetCurrentProcessId"", ""gdiplus.dll"", ""ole32.dll"", ""bcrypt.dll"", ""wininet.dll"", ""shlwapi.dll"", ""shell32.dll"", 
""psapi.dll"", ""rstrtmgr.dll"", ""CreateCompatibleBitmap"", ""SelectObject"", ""BitBlt"", ""DeleteObject"", ""CreateCompatibleDC"", ""GdipGetImageEncodersSize"", ""GdipGetImageEncoders"", ""GdipCreateBitmapFromHBITMAP"", ""GdiplusStartup"", ""GdiplusShutdown"", ""GdipSaveImageToStream"", ""GdipDisposeImage"", ""GdipFree"", ""GetHGlobalFromStream"", ""CreateStreamOnHGlobal"", ""CoUninitialize"", ""CoInitialize"", ""CoCreateInstance"", ""BCryptGenerateSymmetricKey"", ""BCryptCloseAlgorithmProvider"", ""BCryptDecrypt"", ""BCryptSetProperty"", ""BCryptDestroyKey"", ""BCryptOpenAlgorithmProvider"", ""GetWindowRect"", ""GetDesktopWindow"", ""GetDC"", ""CloseWindow"", ""wsprintfA"", ""EnumDisplayDevicesA"", ""GetKeyboardLayoutList"", ""CharToOemW"", ""wsprintfW"", ""RegQueryValueExA"", ""RegEnumKeyExA"", ""RegOpenKeyExA"", ""RegCloseKey"", ""RegEnumValueA"", ""CryptBinaryToStringA"", ""CryptUnprotectData"", ""SHGetFolderPathA"", ""ShellExecuteExA"", ""InternetOpenUrlA"", ""InternetConnectA"", ""InternetCloseHandle"", ""InternetOpenA"", ""HttpSendRequestA"", ""HttpOpenRequestA"", ""InternetReadFile"", ""InternetCrackUrlA"", ""StrCmpCA"", ""StrStrA"", ""StrCmpCW"", ""PathMatchSpecA"", ""GetModuleFileNameExA"", ""RmStartSession"", ""RmRegisterResources"", ""RmGetList"", ""RmEndSession"", ""sqlite3_open"", ""sqlite3_prepare_v2"", ""sqlite3_step"", ""sqlite3_column_text"", ""sqlite3_finalize"", ""sqlite3_close"", ""sqlite3_column_bytes"", ""sqlite3_column_blob"", ""encrypted_key"", ""PATH"", ""C:\\\\ProgramData\\\\nss3.dll"", ""NSS_Init"", ""NSS_Shutdown"", ""PK11_GetInternalKeySlot"", ""PK11_FreeSlot"", ""PK11_Authenticate"", ""PK11SDR_Decrypt"", ""C:\\\\ProgramData\\\\"", ""Soft: "", ""SELECT origin_url, username_value, password_value FROM logins"", ""profile: "", ""Host: "", ""Login: "", ""Password: "", ""Opera"", ""OperaGX"", ""Network"", ""Cookies"", "".txt"", ""SELECT HOST_KEY, is_httponly, path, is_secure, (expires_utc/1000000)-11644480800, name, encrypted_value from 
cookies"", ""TRUE"", ""FALSE"", ""Autofill"", ""SELECT name, value FROM autofill"", ""History"", ""SELECT url FROM urls LIMIT 1000"", ""CC"", ""SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards"", ""Name: "", ""Month: "", ""Year: "", ""Card: "", ""Cookies"", ""Login Data"", ""Web Data"", ""History"", ""logins[.]json"", ""formSubmitURL"", ""usernameField"", ""encryptedUsername"", ""encryptedPassword"", ""guid"", ""formhistory[.]sqlite"", ""SELECT host, isHttpOnly, path, isSecure, expiry, name, value FROM moz_cookies"", ""SELECT fieldname, value FROM moz_formhistory"", ""SELECT url FROM moz_places LIMIT 1000"", ""cookies[.]sqlite"", ""places[.]sqlite"", ""Plugins"", ""Local Extension Settings"", ""Sync Extension Settings"", ""IndexedDB"", ""Opera Stable"", ""Opera GX Stable"", ""CURRENT"", ""chrome-extension_"", ""_0.indexeddb[.]leveldb"", ""Local State"", ""profiles[.]ini"", ""chrome"", ""opera"", ""firefox"", ""Wallets"", ""%08lX%04lX%lu"", ""ProductName"", ""SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion"", ""x32"", ""x64"", ""%d/%d/%d %d:%d:%d"", ""HARDWARE\\\\DESCRIPTION\\\\System\\\\CentralProcessor\\\\0"", ""ProcessorNameString"", ""SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Uninstall"", ""DisplayName"", ""DisplayVersion"", ""freebl3.dll"", ""mozglue.dll"", ""msvcp140.dll"", ""nss3.dll"", ""softokn3.dll"", ""vcruntime140.dll"", ""\\\\Temp\\\\"", "".exe"", ""runas"", ""open"", ""/c start "", ""%DESKTOP%"", ""%APPDATA%"", ""%LOCALAPPDATA%"", ""%USERPROFILE%"", ""%DOCUMENTS%"", ""%PROGRAMFILES%"", ""%PROGRAMFILES_86%"", ""%RECENT%"", ""*.lnk"", ""Files"", ""\\\\discord\\\\"", ""\\\\Local Storage\\\\leveldb\\\\CURRENT"", ""\\\\Local Storage\\\\leveldb"", ""\\\\Telegram Desktop\\\\"", ""key_datas"", ""D877F783D5D3EF8C*"", ""map*"", ""A7FDF864FBC10B77*"", ""A92DAA6EA6F891F2*"", ""F8806DD0C461824F*"", ""Telegram"", ""Tox"", ""*.tox"", ""*.ini"", ""Password"", ""Software\\\\Microsoft\\\\Windows 
NT\\\\CurrentVersion\\\\Windows Messaging Subsystem\\\\Profiles\\\\Outlook\\\\9375CFF0413111d3B88A00104B2A6676\\\\"", ""\\\\Outlook\\\\accounts[.]txt"", ""Software\\\\Microsoft\\\\Office\\\\13.0\\\\Outlook\\\\Profiles\\\\Outlook\\\\9375CFF0413111d3B88A00104B2A6676\\\\"", ""Software\\\\Microsoft\\\\Office\\\\14.0\\\\Outlook\\\\Profiles\\\\Outlook\\\\9375CFF0413111d3B88A00104B2A6676\\\\"", ""Software\\\\Microsoft\\\\Office\\15.0\\\\Outlook\\\\Profiles\\\\Outlook\\\\9375CFF0413111d3B88A00104B2A6676\\\\"", ""Pidgin"", ""Software\\\\Microsoft\\\\Office\\16.0\\\\Outlook\\\\Profiles\\\\Outlook\\\\9375CFF0413111d3B88A00104B2A6676\\\\"", ""\\\\.purple\\\\"", ""Software\\\\Microsoft\\\\Windows Messaging Subsystem\\\\Profiles\\\\9375CFF0413111d3B88A00104B2A6676\\\\"", ""00000001"", ""00000002"", ""00000003"", ""00000004"", ""accounts[.]xml"", ""dQw4w9WgXcQ"", ""token: "", ""Software\\\\Valve\\\\Steam"", ""SteamPath"", ""\\\\config\\\\"", ""ssfn*"", ""config[.]vdf"", ""DialogConfig[.]vdf"", ""DialogConfigOverlay*.vdf"", ""libraryfolders[.]vdf"", ""loginusers[.]vdf"", ""\\\\Steam\\\\"", ""sqlite3.dll"", ""browsers"", ""done"", ""Soft"", ""\\\\Discord\\\\tokens[.]txt"", ""/c timeout /t 5 & del /f /q \"""", ""\"" & del \""C:\\\\ProgramData\\\\*.dll\""\"" & exit"", ""C:\\\\Windows\\\\system32\\\\cmd.exe"", ""https"", ""POST"", ""Content-Type: multipart/form-data; boundary=----"", ""HTTP/1.1"", ""Content-Disposition: form-data; name=\"""", ""hwid"", ""build"", ""token"", ""file_name"", ""file"", ""message"", ""ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"", ""screenshot[.]jpg"", ""uh]"", ""uh]""], ""non_standard"": {""dead_drop"": [], ""version"": ""10.1""}}","hXXps://steamcommunity[.]com/profiles/76561199699680841,hXXps://t[.]me/memve4erin",a1f03eedd789a0a461a24566b6c35aea,
ee231cb499908ddca8cba88cd674f9e30931457363eec6100734363772005548,bbbbb5,1/8/2024,HeartCrypt Developer Test Sample,NONE,,,
ee4e7f4fbfe7fee56f16b21eb0e33833e67f53ce020d0f8b6d0d58b646afd78f,43423fdasfdasfa32143242,4/1/2024,QuasarRat,"{""c2"": [""91[.]92.248.143:1000""], ""port"": [], ""campaign"": ""expressVPN_CC"", ""mutex"": ""8d8b042a-2518-4ae9-b021-0e420445bce0"", ""non_standard"": {""Version"": ""1.4.1"", ""SUBDIRECTORY"": ""SubDir"", ""INSTALLNAME"": ""Client.exe"", ""INSTALL"": ""false"", ""STARTUP"": ""false"", ""MUTEX"": ""8d8b042a-2518-4ae9-b021-0e420445bce0"", ""STARTUPKEY"": ""Quasar Client Startup"", ""HIDEFILE"": ""false"", ""ENABLELOGGER"": ""false"", ""ENCRYPTIONKEY"": ""A6FD37588684D6DA697E9A56880F9F2B49CE5EE3"", ""TAG"": ""expressVPN_CC"", ""LOGDIRECTORYNAME"": ""Logs"", ""SERVERSIGNATURE"": ""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"", ""SERVERCERTIFICATESTR"": ""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"", ""HIDELOGDIRECTORY"": ""false"", ""HIDEINSTALLSUBDIRECTORY"": ""false"", ""INSTALLPATH"": """", ""LOGSPATH"": """", ""UNATTENDEDMODE"": ""true""}}",91[.]92.248.143:1000,expressVPN_CC,8d8b042a-2518-4ae9-b021-0e420445bce0
eef8019c1e981db0f30d2ab1f2981582dd4e3d95844cb08d4961d7628fcab434,hoLME2tcOtc,10/22/2024,Remcos,"{""c2"": [""mariabenitesedd.ydns[.]eu:1880""], ""port"": [], ""campaign"": ""LOS BREEE"", ""mutex"": ""Rmc-SQ0MDK"", ""non_standard"": {""c2_list"": ""mariabenitesedd.ydns[.]eu:1880:1\u001e"", ""botnet"": ""LOS BREEE"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-SQ0MDK"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 1, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""AE6C97426D51968E4EA8FBF1A257086C"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIIBADCBpqADAgECAhA/bK072R8ULSeOSr5wUkeEMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABA6VI2iU8kQnjaxGQYZ1oOLiaXXpoQjtj7hJtuy1r3G/TBrRcCL/wyrO0LmSJpiu7EB437pCrDvLOwjUeG7tMkYwCgYIKoZIzj0EAwIDSQAwRgIhAOSn37JeyD+DIWNHGE1xcYdm1RrQ8TT8hiLd9UIfm9uuAiEA7GC6L19W5lN5cfD3Rh2Ior++WuiLxQwnvw7H9AP/egA="", ""tls_key"": ""MHcCAQEEIJG09kVEQDINj8+wjHIe85JcOXQro5U9++N24NOCtOYMoAoGCCqGSM49AwEHoUQDQgAEDpUjaJTyRCeNrEZBhnWg4uJpdemhCO2PuEm27LWvcb9MGtFwIv/DKs7QuZImmK7sQHjfukKsO8s7CNR4bu0yRg=="", ""tls_raw_peer_certificate"": ""MIH/MIGmoAMCAQICED1NkqG7jUVs6UE+9lfC9FgwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECd6OUnfQld2gC9x8EQRhtR8SxJVg8oG9XKYRGj3Bl2o3nxXg5UX+DJrxL2ck0tBmDDoUhbl6AoiS4LqLq0jehDAKBggqhkjOPQQDAgNIADBFAiBPs4LgiRbRQ2McVsYAzfd/Q/h5nMAd2ZznwiDFiFSGBQIhANcDTxlBaY+lmnofU7TMD8RRqIs9H3Tqnu3QRNLrm6d0""}}",mariabenitesedd.ydns[.]eu:1880,LOS BREEE,Rmc-SQ0MDK
ef136083843810fb5fbb2fdb4ae38aa5403c765535ee77c4d2169442ac1e1ebc,bbbbb5,1/10/2024,Remcos,"{""c2"": [""127[.]0.0.1:2404""], ""port"": [], ""campaign"": ""RemoteHost"", ""mutex"": ""Rmc-52SPIJ"", ""non_standard"": {""c2_list"": ""127[.]0.0.1:2404:1\u001e"", ""botnet"": ""RemoteHost"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-52SPIJ"", ""keylogger_mode"": 0, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 2, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": """", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICECyq0dC6qQr+Hv2V9QM3uqcwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdrdLQy42Mpn3IIYRJ2M3+yF21CLyLrOnzJYt9pkS9tD25/19cz99/hh6XbCh/X6lkduGZSLQOrKNIRElI58SZTAKBggqhkjOPQQDAgNIADBFAiEAsNMXIJvWxp997X+wkfoZ+aNRQ/F+y4UKwth7Vn9PPnsCIEy6sU5zohMDu7YRBxvrBk12twTKU7msOfRjcZPv8XLQ"", ""tls_key"": ""MHcCAQEEIPh5Cln/kkGKIQHHvBEywdytsvdqHkePDPk5Ud/t9sAJoAoGCCqGSM49AwEHoUQDQgAEdrdLQy42Mpn3IIYRJ2M3+yF21CLyLrOnzJYt9pkS9tD25/19cz99/hh6XbCh/X6lkduGZSLQOrKNIRElI58SZQ=="", ""tls_raw_peer_certificate"": ""MIH+MIGmoAMCAQICEG3vLiwgsA2EwhiaFtqI9IQwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwP4wsetvUB9BVeB5KGkhFjJJoBjHvOcr3civBrd7vSVCfdzC45I1JUkFbE/V0Cvr3Srw9Govd0OBlmaqWZM0ZjAKBggqhkjOPQQDAgNHADBEAiA+k1x/mgOuo3xlHJ81zNOx/7FqyAa+NzPTyQQOJVWDcAIgNOovDbZqGlCN19pFZjYwqJecVDlCfKe+1zDwKfkvYmw=""}}",127[.]0.0.1:2404,RemoteHost,Rmc-52SPIJ
ef7dab4a3cca0dd55feffc2796a652a08434419da50f3678b7ee59b88f26eb04,oEODf2tcOtc,10/25/2024,Vidar,"{""c2"": [""hXXps://65[.]109.243.0""], ""port"": [], ""campaign"": """", ""mutex"": """", ""Strings"": [], ""non_standard"": {""dead_drop"": [""hXXps://steamcommunity[.]com/profiles/76561199786602107"", ""hXXps://t[.]me/lpnjoke""]}}",hXXps://65[.]109.243.0,,
efd4e822643307b72a269f9ea51936254e89a608dbf0434aff36dc244def73b7,XsxLO1tcOtc,10/16/2024,Remcos,"{""c2"": [""assaasjdnsubdcdy.con-ip[.]com:1661""], ""port"": [], ""campaign"": ""Vultery"", ""mutex"": ""Rmc-VB4PR7"", ""non_standard"": {""c2_list"": ""assaasjdnsubdcdy.con-ip[.]com:1661:1\u001e"", ""botnet"": ""Vultery"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-VB4PR7"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""86CDB103BEE8F4F4E4BB432E59BB138D"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICEEXRPyHAU+i0XClFtLLozd0wCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgzAKBggqhkjOPQQDAgNIADBFAiBUcWvaxuUnpbxlhTmWEcnNtczlEXkRbUYoYCN+2VEZ1AIhALym5a5Ib2YXMN1rGi3FQzTjiXDMfTh6IufwChk8n/N9"", ""tls_key"": ""MHcCAQEEILUsPsd+8u6gorQ6vplb6DQet9vOAwT8PHYYn7RI4380oAoGCCqGSM49AwEHoUQDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgw=="", ""tls_raw_peer_certificate"": ""MIIBADCBpqADAgECAhA1EEVwbinJOEquCzdLDyBzMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBDpkDyifvMvFU5G4T3X4NPgXSbjGygT9OXvKUN63IttHTejMFBes+ICPd+lF2i9ExWAYDh5oBbrexLrzNGdz3swCgYIKoZIzj0EAwIDSQAwRgIhAPHte18FxAxdCBRRd8kvfkylLF5k+QOnpkoeqXwRtdOWAiEA00CVbIQ6r4v8EeB0rQ5nIFgk+SYWWjNa+B3sBZoNlzY=""}}",assaasjdnsubdcdy.con-ip[.]com:1661,Vultery,Rmc-VB4PR7
efdc724800be5d9872770cb1dd346815b4feb534a256b44d43dfc8b72488f05d,axjwspjyhxt,10/19/2024,HeartCrypt Developer Test Sample,NONE,,,
f092b7606233d1512530c5680b4e4ea17212f24024374bfd96061cd7260a0ffa,Aug guAgu,8/6/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""dxpam.duckdns[.]org""], ""port"": [""5999""], ""campaign"": ""Default"", ""mutex"": ""DcRatMutex_qwqdanchun"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""anZMdEVsYU1yVHdNeFAxUFAzOFBTZk8xSURxbzRDUzU="", ""MTX"": ""DcRatMutex_qwqdanchun"", ""Certifi_cate"": ""MIICMDCCAZmgAwIBAgIVAIhNlmebb6nSe6ECHjMpYKJ1i7gvMA0GCSqGSIb3DQEBDQUAMGQxFTATBgNVBAMMDERjUmF0IFNlcnZlcjETMBEGA1UECwwKcXdxZGFuY2h1bjEcMBoGA1UECgwTRGNSYXQgQnkgcXdxZGFuY2h1bjELMAkGA1UEBwwCU0gxCzAJBgNVBAYTAkNOMB4XDTIxMDEyODA1MzU1N1oXDTMxMTEwNzA1MzU1N1owEDEOMAwGA1UEAwwFRGNSYXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALz18kcXxyYRNtzNciIOitqVEEKYOOJZOGjSaWOLKz3M/Df8QpKzt86Y+GK3639BYF/OzJ6i8PyJcI4jCe+L56ytnlJDfAYTzg7df+pvpE6bSgYYgBSEMcKBPrpx6bV5z/V8FOCVqlt9xfM47rHzIs6kOkc0Xu0TqFGxVfi3Koj/AgMBAAGjMjAwMB0GA1UdDgQWBBQOZShjgdZ92lUVGT5AalbF4rcBrDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4GBABuRWEmIgb/BjPElBrcq4LuUTHLBWgnJN3yXXtFA+Nl/+mYto5FZMUmzz3mbjKRHuzo79jdei4h1vSO9+2gTFWw1mY8HoeEoyL0YExBQMCoUPjpLJEuAydiWBMXXBmv0zPzE3W7zhG6DRe8pXQkZ2yu8c9G4KxXS1ITmSrlJqBQ6"", ""Server_signa_ture"": ""eROjiuz0PWs+xgxamB7sdm3kB9OKtq8I1pPHgtkdiF0h9pw4eJzyp0fCw7zAO7/Q6+ftDqxvY+0OnHCoiErkMARDy55VYX6/gB5S0xXaoVgAqsvboJJN7EtFrwNTMUTPnslStHIwjEI/4a7JpzD5BLO0KCD9qZ2yVxSo7MwJXPE="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""Default"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",dxpam.duckdns[.]org,Default,DcRatMutex_qwqdanchun
f2002467bcfe1a5425461a16eac5e65844615f5ac03a9460f58a7afe470340cd,ALX tcOtc,10/9/2024,Remcos,"{""c2"": [""dfgdfghghfhfh.con-ip[.]com:1665""], ""port"": [], ""campaign"": ""Voltarger"", ""mutex"": ""Rmc-I3REIW"", ""non_standard"": {""c2_list"": ""dfgdfghghfhfh.con-ip[.]com:1665:1\u001e"", ""botnet"": ""Voltarger"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-I3REIW"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""86CDB103BEE8F4F4E4BB432E59BB138D"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICEEXRPyHAU+i0XClFtLLozd0wCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgzAKBggqhkjOPQQDAgNIADBFAiBUcWvaxuUnpbxlhTmWEcnNtczlEXkRbUYoYCN+2VEZ1AIhALym5a5Ib2YXMN1rGi3FQzTjiXDMfTh6IufwChk8n/N9"", ""tls_key"": ""MHcCAQEEILUsPsd+8u6gorQ6vplb6DQet9vOAwT8PHYYn7RI4380oAoGCCqGSM49AwEHoUQDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgw=="", ""tls_raw_peer_certificate"": ""MIIBADCBpqADAgECAhA1EEVwbinJOEquCzdLDyBzMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBDpkDyifvMvFU5G4T3X4NPgXSbjGygT9OXvKUN63IttHTejMFBes+ICPd+lF2i9ExWAYDh5oBbrexLrzNGdz3swCgYIKoZIzj0EAwIDSQAwRgIhAPHte18FxAxdCBRRd8kvfkylLF5k+QOnpkoeqXwRtdOWAiEA00CVbIQ6r4v8EeB0rQ5nIFgk+SYWWjNa+B3sBZoNlzY=""}}",dfgdfghghfhfh.con-ip[.]com:1665,Voltarger,Rmc-I3REIW
f263cbd36fdf367fc9ef32bd9f80f0f459a0a09a5aff4a8f387e771ae20d31b0,gasgff34534c,3/22/2024,Rhadamanthys,NONE,,,
f30f6678ae4d09c772c58422885ccb19993e5b3a60829fda5d2952f6ad1bc146,Sep111peSpe,9/16/2024,XWorm,"{""c2"": [""jorgeperezpu145.con-ip[.]com""], ""port"": [""7000""], ""campaign"": """", ""mutex"": ""2qDNfVQH4a6tkH3l"", ""non_standard"": {""KEY"": ""<123456789>"", ""SPL"": ""<Xwormmm>"", ""Sleep"": ""3"", ""Groub"": ""MELOS"", ""USBNM"": ""USB.exe"", ""mutex"": ""2qDNfVQH4a6tkH3l""}}",jorgeperezpu145.con-ip[.]com,,2qDNfVQH4a6tkH3l
f3c880591e06396f588d5b45c599ba6aef1aae4065d0d55b3560e3547242b697,5dsadas435235bgdsgdfbvb3253453425345gfdsgfdgdf,2/27/2024,JesterStealer,NONE,,,
f45120409a844d92a030ebd460309bf48e0ba3deeb8fb341b155554be4b03c3a,Sep111peSpe,9/20/2024,njRat,NONE,,,
f5022957c6f40fc599a45019a635847b229ad94f5c9e636602f5952f3bb662a7,MENOLOVECROWDSTRIKE,10/21/2024,Rhadamanthys,NONE,,,
f5a1ebc9c77a22d4907d6ccbf9be2eeba994d35882cbe79955309863c93d8cb9,5dsadas435235bgdsgdfbvb3253453425345gfdsgfdgdf,2/17/2024,Rhadamanthys,NONE,,,
f5a5e69528ddadb7b7345238884a622eb259728d9c5c1ac69476e5b7af2c545a,b66dd5sss,1/5/2024,Remcos,"{""c2"": [""127[.]0.0.1:2404""], ""port"": [], ""campaign"": ""RemoteHost"", ""mutex"": ""Rmc-52SPIJ"", ""non_standard"": {""c2_list"": ""127[.]0.0.1:2404:1\u001e"", ""botnet"": ""RemoteHost"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-52SPIJ"", ""keylogger_mode"": 0, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 2, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": """", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICECyq0dC6qQr+Hv2V9QM3uqcwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdrdLQy42Mpn3IIYRJ2M3+yF21CLyLrOnzJYt9pkS9tD25/19cz99/hh6XbCh/X6lkduGZSLQOrKNIRElI58SZTAKBggqhkjOPQQDAgNIADBFAiEAsNMXIJvWxp997X+wkfoZ+aNRQ/F+y4UKwth7Vn9PPnsCIEy6sU5zohMDu7YRBxvrBk12twTKU7msOfRjcZPv8XLQ"", ""tls_key"": ""MHcCAQEEIPh5Cln/kkGKIQHHvBEywdytsvdqHkePDPk5Ud/t9sAJoAoGCCqGSM49AwEHoUQDQgAEdrdLQy42Mpn3IIYRJ2M3+yF21CLyLrOnzJYt9pkS9tD25/19cz99/hh6XbCh/X6lkduGZSLQOrKNIRElI58SZQ=="", ""tls_raw_peer_certificate"": ""MIH+MIGmoAMCAQICEG3vLiwgsA2EwhiaFtqI9IQwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwP4wsetvUB9BVeB5KGkhFjJJoBjHvOcr3civBrd7vSVCfdzC45I1JUkFbE/V0Cvr3Srw9Govd0OBlmaqWZM0ZjAKBggqhkjOPQQDAgNHADBEAiA+k1x/mgOuo3xlHJ81zNOx/7FqyAa+NzPTyQQOJVWDcAIgNOovDbZqGlCN19pFZjYwqJecVDlCfKe+1zDwKfkvYmw=""}}",127[.]0.0.1:2404,RemoteHost,Rmc-52SPIJ
f5fa9ef14b3deaafb1eb040bac64eb4945bae4795723bdfef6a43a04339f70ba,LStAFAGTUEACCCb,10/2/2024,Rhadamanthys,NONE,,,
f63faeb1bc31fd54621fb2fbcf5430682af5a97e17ae97b4363c42643072b8b0,EFF tcOtc,10/6/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""uoptyerdg.duckdns[.]org""], ""port"": [""8010""], ""campaign"": ""OCT1"", ""mutex"": ""DcRatMutex_qwqdaGFAssa"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": ""SEPTIEMBRE09.exe"", ""Key"": ""UlFTU1pTY21pR2lGRWF3azlpV2pMQlN0Yk1aSFYycEI="", ""MTX"": ""DcRatMutex_qwqdaGFAssa"", ""Certifi_cate"": ""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"", ""Server_signa_ture"": ""dJQZX9kjeyJ/ML7JTC7WrBMNI2BudNm9kvRPY2vsj8us1mJPHVRs+PRXcSWQSw18Go6tCiu6KssHF3RAmU5gfhybtwSZbYSHJ04Gkrv7AOPiadUnfB2Ugw1S1uKHi2WKIepgxTUVgNPLxs2PdoJt1CVt1vCimGGsSHQxKHbeHX8="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""OCT1"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",uoptyerdg.duckdns[.]org,Oct1,DcRatMutex_qwqdaGFAssa
f6af00a58dfd72806fcf6b9549cd9c871c127410e7b84d92acb734c16054bc73,Aug222guAgu,8/24/2024,Vidar,"{""c2"": [""hXXps://135[.]181.31.18""], ""port"": [], ""campaign"": ""99a9950fed7b1d95c81a34479cfbefe2"", ""mutex"": """", ""Strings"": [""INSERT_KEY_HERE"", ""GetProcAddress"", ""lstrcatA"", ""OpenEventA"", ""CloseHandle"", ""Sleep"", ""GetUserDefaultLangID"", ""VirtualAllocExNuma"", ""VirtualFree"", ""GetSystemInfo"", ""HeapAlloc"", ""GetComputerNameA"", ""lstrcpyA"", ""GetProcessHeap"", ""GetCurrentProcess"", ""lstrlenA"", ""ExitProcess"", ""GlobalMemoryStatusEx"", ""GetSystemTime"", ""SystemTimeToFileTime"", ""gdi32.dll"", ""user32.dll"", ""crypt32.dll"", ""ntdll.dll"", ""CreateDCA"", ""GetDeviceCaps"", ""ReleaseDC"", ""CryptStringToBinaryA"", ""sscanf"", ""NtQueryInformationProcess"", ""HAL9TH"", ""JohnDoe"", ""DISPLAY"", ""%hu/%hu/%hu"", ""GetEnvironmentVariableA"", ""GetFileAttributesA"", ""GlobalLock"", ""GlobalSize"", ""CreateToolhelp32Snapshot"", ""IsWow64Process"", ""Process32Next"", ""GetLocalTime"", ""GetTimeZoneInformation"", ""GetSystemPowerStatus"", ""GetVolumeInformationA"", ""Process32First"", ""GetLocaleInfoA"", ""GetUserDefaultLocaleName"", ""GetModuleFileNameA"", ""FindNextFileA"", ""SetEnvironmentVariableA"", ""LocalAlloc"", ""GetFileSizeEx"", ""SetFilePointer"", ""FindFirstFileA"", ""VirtualProtect"", ""GetLogicalProcessorInformationEx"", ""GetLastError"", ""MultiByteToWideChar"", ""GlobalFree"", ""WideCharToMultiByte"", ""TerminateProcess"", ""GetCurrentProcessId"", ""rstrtmgr.dll"", ""CreateCompatibleBitmap"", ""SelectObject"", ""BitBlt"", ""DeleteObject"", ""CreateCompatibleDC"", ""GdipGetImageEncodersSize"", ""GdipGetImageEncoders"", ""GdipCreateBitmapFromHBITMAP"", ""GdiplusStartup"", ""GdiplusShutdown"", ""GdipSaveImageToStream"", ""GdipDisposeImage"", ""GetHGlobalFromStream"", ""CreateStreamOnHGlobal"", ""CoUninitialize"", ""CoInitialize"", ""CoCreateInstance"", ""BCryptGenerateSymmetricKey"", ""BCryptCloseAlgorithmProvider"", 
""BCryptDecrypt"", ""BCryptSetProperty"", ""BCryptDestroyKey"", ""BCryptOpenAlgorithmProvider"", ""GetWindowRect"", ""GetDesktopWindow"", ""GetDC"", ""EnumDisplayDevicesA"", ""GetKeyboardLayoutList"", ""CharToOemW"", ""RegQueryValueExA"", ""RegEnumKeyExA"", ""RegOpenKeyExA"", ""RegEnumValueA"", ""CryptBinaryToStringA"", ""CryptUnprotectData"", ""SHGetFolderPathA"", ""InternetOpenUrlA"", ""InternetConnectA"", ""InternetCloseHandle"", ""InternetOpenA"", ""HttpSendRequestA"", ""HttpOpenRequestA"", ""InternetReadFile"", ""InternetCrackUrlA"", ""StrStrA"", ""PathMatchSpecA"", ""GetModuleFileNameExA"", ""RmStartSession"", ""RmRegisterResources"", ""RmEndSession"", ""sqlite3_open"", ""sqlite3_prepare_v2"", ""sqlite3_step"", ""sqlite3_column_text"", ""sqlite3_finalize"", ""sqlite3_close"", ""sqlite3_column_bytes"", ""sqlite3_column_blob"", ""encrypted_key"", ""PATH"", ""C:\\ProgramData\\nss3.dll"", ""NSS_Shutdown"", ""PK11_GetInternalKeySlot"", ""PK11_FreeSlot"", ""PK11_Authenticate"", ""PK11SDR_Decrypt"", ""C:\\ProgramData\\"", ""SELECT origin_url, username_value, password_value FROM logins"", ""Soft: "", ""Host: "", ""Login: "", ""Password: "", ""Opera"", ""OperaGX"", ""Network"", ""Cookies"", "".txt"", ""TRUE"", ""FALSE"", ""SELECT name, value FROM autofill"", ""History"", ""SELECT url FROM urls LIMIT 1000"", ""CC"", ""SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards"", ""Name: "", ""Month: "", ""Year: "", ""Card: "", ""Cookies"", ""Login Data"", ""History"", ""formSubmitURL"", ""usernameField"", ""encryptedUsername"", ""encryptedPassword"", ""guid"", ""SELECT host, isHttpOnly, path, isSecure, expiry, name, value FROM moz_cookies"", ""SELECT fieldname, value FROM moz_formhistory"", ""SELECT url FROM moz_places LIMIT 1000"", ""cookies[.]sqlite"", ""formhistory[.]sqlite"", ""places[.]sqlite"", ""Plugins"", ""Local Extension Settings"", ""Sync Extension Settings"", ""Opera Stable"", ""Opera GX Stable"", ""CURRENT"", 
""chrome-extension_"", ""_0.indexeddb[.]leveldb"", ""profiles[.]ini"", ""chrome"", ""opera"", ""firefox"", ""Wallets"", ""%08lX%04lX%lu"", ""SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"", ""x64"", ""%d/%d/%d %d:%d:%d"", ""HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0"", ""ProcessorNameString"", ""SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"", ""DisplayVersion"", ""msvcp140.dll"", ""softokn3.dll"", ""vcruntime140.dll"", ""\\Temp\\"", "".exe"", ""runas"", ""open"", ""%LOCALAPPDATA%"", ""%USERPROFILE%"", ""%PROGRAMFILES%"", ""%PROGRAMFILES_86%"", ""*.lnk"", ""Files"", ""\\Local Storage\\leveldb\\CURRENT"", ""\\Local Storage\\leveldb"", ""\\Telegram Desktop\\"", ""D877F783D5D3EF8C*"", ""map*"", ""A7FDF864FBC10B77*"", ""A92DAA6EA6F891F2*"", ""F8806DD0C461824F*"", ""Tox"", ""*.tox"", ""*.ini"", ""Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Office\\13.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Office\\14.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Office\u000e.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\"", ""Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676\\"", ""\\Outlook\\accounts[.]txt"", ""Pidgin"", ""accounts[.]xml"", ""token: "", ""Software\\Valve\\Steam"", ""ssfn*"", ""config[.]vdf"", ""DialogConfig[.]vdf"", ""DialogConfigOverlay*.vdf"", ""libraryfolders[.]vdf"", ""loginusers[.]vdf"", ""\\Steam\\"", ""\\Discord\\tokens[.]txt"", ""/c timeout /t 5 & del /f /q \"""", ""\"" & del \""C:\\ProgramData\\*.dll\""\"" & exit"", ""C:\\Windows\\system32\\cmd.exe"", ""Content-Type: multipart/form-data; boundary=----"", ""Content-Disposition: form-data; name=\"""", ""build"", ""token"", ""message"", ""ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"", ""screenshot[.]jpg""], ""non_standard"": 
{""dead_drop"": [""hXXps://steamcommunity[.]com/profiles/76561199761128941"", ""hXXps://t[.]me/iyigunl""], ""version"": ""10.8""}}",hXXps://135[.]181.31.18,99a9950fed7b1d95c81a34479cfbefe2,
f6e8f0e1d7b6336e3759600448fcaff0fd24163e3cd0ef4e9469b5ae6b178b3e,sentinelone,4/20/2024,Remcos,"{""c2"": [""127[.]0.0.1:2404""], ""port"": [], ""campaign"": ""RemoteHost"", ""mutex"": ""Rmc-52SPIJ"", ""non_standard"": {""c2_list"": ""127[.]0.0.1:2404:1\u001e"", ""botnet"": ""RemoteHost"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-52SPIJ"", ""keylogger_mode"": 0, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 2, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": """", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICECyq0dC6qQr+Hv2V9QM3uqcwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdrdLQy42Mpn3IIYRJ2M3+yF21CLyLrOnzJYt9pkS9tD25/19cz99/hh6XbCh/X6lkduGZSLQOrKNIRElI58SZTAKBggqhkjOPQQDAgNIADBFAiEAsNMXIJvWxp997X+wkfoZ+aNRQ/F+y4UKwth7Vn9PPnsCIEy6sU5zohMDu7YRBxvrBk12twTKU7msOfRjcZPv8XLQ"", ""tls_key"": ""MHcCAQEEIPh5Cln/kkGKIQHHvBEywdytsvdqHkePDPk5Ud/t9sAJoAoGCCqGSM49AwEHoUQDQgAEdrdLQy42Mpn3IIYRJ2M3+yF21CLyLrOnzJYt9pkS9tD25/19cz99/hh6XbCh/X6lkduGZSLQOrKNIRElI58SZQ=="", ""tls_raw_peer_certificate"": ""MIH+MIGmoAMCAQICEG3vLiwgsA2EwhiaFtqI9IQwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwP4wsetvUB9BVeB5KGkhFjJJoBjHvOcr3civBrd7vSVCfdzC45I1JUkFbE/V0Cvr3Srw9Govd0OBlmaqWZM0ZjAKBggqhkjOPQQDAgNHADBEAiA+k1x/mgOuo3xlHJ81zNOx/7FqyAa+NzPTyQQOJVWDcAIgNOovDbZqGlCN19pFZjYwqJecVDlCfKe+1zDwKfkvYmw=""}}",127[.]0.0.1:2404,RemoteHost,Rmc-52SPIJ
f85e2a0cf2bf6c8f5c7657fbcd3fff12a72385d2b1382994f75853566812b0a3,CROWDSTRIKE,6/4/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""globalserverwindows.duckdns[.]org""], ""port"": [""3030""], ""campaign"": ""ENVIO"", ""mutex"": ""vqBjf96qL0afw3CG-qxosg"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""eEtZRzdGU2NFSlF5WXl1UDJIbzBLUXFzbmNuYjVMVUM="", ""MTX"": ""vqBjf96qL0afw3CG-qxosg"", ""Certifi_cate"": ""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"", ""Server_signa_ture"": ""MHrZr6uj6hG/barsIfLRFRP8s4VHDJ/aix2m9hC+lQ4D60IjHIDDEK5cZetTha2jBuLT2LgdRFVKyzuVvkkQrMHIgntoCyfg+LGJGyRrjfK7g0tzAarF6eYdklo4wryd2Vc4EMHjuqW8QWrFyKLzK88PWMg7bpvBoAXABPZsjPU="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""ENVIO"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",globalserverwindows.duckdns[.]org,ENVIO,vqBjf96qL0afw3CG-qxosg
f8650a0f5e6f8dcaa40fec55f5ae8e3a299f7a085557fea4eafa44ce6bbda06b,f;N2lmH2Pp:,10/19/2024,HeartCrypt Developer Test Sample,NONE,,,
fa21fa9b327cab8e4d615ab196b9da0156e5ebadf9fa7f7af2da83dbed1067fc,GGGSADEFFTL,7/29/2024,njRat,NONE,,,
fa244cc3fa7784bd21fc95a6e7a311686b6875ba0b770a1e6383481edc95973a,MTGNSGNADS,4/29/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""comercialnuevoan20.casacam[.]net""], ""port"": [""7097""], ""campaign"": ""TITANIUM FUD-1 "", ""mutex"": ""DcRatMutex_qwqdanchun"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""VGMzdnVwR0xxUlJDZmdNSW5zSk0yUnZZaDRFaUZHcDA="", ""MTX"": ""DcRatMutex_qwqdanchun"", ""Certifi_cate"": ""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"", ""Server_signa_ture"": ""MCMfjGPhZRz/+bGE+itjIkdz6zucFb9u4SWyj25QsuCnRAKiarRglQWPbFSOjMZJCXr8Y64V2m30DpGkUicDZWqTrKdslhHrUFDVq2cC0ViHZ/+UbxjniQKx8gV8DQ38f6/l84osuATstumu7WJEHWz06wxEYPTLGJkW532c24w="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""TITANIUM FUD-1 "", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",comercialnuevoan20.casacam[.]net,TITANIUM FUD-1,DcRatMutex_qwqdanchun
fa371ec6989dfd58743662bd5ef22639b7cd476f9640d9c398d97c4099b4a1bd,oXCEd3tcOtc,10/30/2024,Remcos,"{""c2"": [""comunion992.linkpc[.]net:3019""], ""port"": [], ""campaign"": ""VERDES"", ""mutex"": ""jefwwoboewfpmefi-FDODC3"", ""non_standard"": {""c2_list"": ""comunion992.linkpc[.]net:3019:0\u001e"", ""botnet"": ""VERDES"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""500000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""jefwwoboewfpmefi-FDODC3"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""registros[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Capturas de pantalla"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 1, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""datos"", ""enable_watchdog_flag"": 0, ""license"": ""B6C491A32A67ABEAF5119B1E1658CBF5"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": """", 
""tls_key"": """", ""tls_raw_peer_certificate"": """"}}",comunion992.linkpc[.]net:3019,VERDES,jefwwoboewfpmefi-FDODC3
fa401a2b2a81beb78852587e2c717cf8a7f623b8ac2f55bc399609428f6237b6,Sep peSpe,9/1/2024,Remcos,"{""c2"": [""127[.]0.0.1:2404""], ""port"": [], ""campaign"": ""RemoteHost"", ""mutex"": ""Rmc-52SPIJ"", ""non_standard"": {""c2_list"": ""127[.]0.0.1:2404:1\u001e"", ""botnet"": ""RemoteHost"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-52SPIJ"", ""keylogger_mode"": 0, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 2, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": """", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICECyq0dC6qQr+Hv2V9QM3uqcwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdrdLQy42Mpn3IIYRJ2M3+yF21CLyLrOnzJYt9pkS9tD25/19cz99/hh6XbCh/X6lkduGZSLQOrKNIRElI58SZTAKBggqhkjOPQQDAgNIADBFAiEAsNMXIJvWxp997X+wkfoZ+aNRQ/F+y4UKwth7Vn9PPnsCIEy6sU5zohMDu7YRBxvrBk12twTKU7msOfRjcZPv8XLQ"", ""tls_key"": ""MHcCAQEEIPh5Cln/kkGKIQHHvBEywdytsvdqHkePDPk5Ud/t9sAJoAoGCCqGSM49AwEHoUQDQgAEdrdLQy42Mpn3IIYRJ2M3+yF21CLyLrOnzJYt9pkS9tD25/19cz99/hh6XbCh/X6lkduGZSLQOrKNIRElI58SZQ=="", ""tls_raw_peer_certificate"": ""MIH+MIGmoAMCAQICEG3vLiwgsA2EwhiaFtqI9IQwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwP4wsetvUB9BVeB5KGkhFjJJoBjHvOcr3civBrd7vSVCfdzC45I1JUkFbE/V0Cvr3Srw9Govd0OBlmaqWZM0ZjAKBggqhkjOPQQDAgNHADBEAiA+k1x/mgOuo3xlHJ81zNOx/7FqyAa+NzPTyQQOJVWDcAIgNOovDbZqGlCN19pFZjYwqJecVDlCfKe+1zDwKfkvYmw=""}}",127[.]0.0.1:2404,RemoteHost,Rmc-52SPIJ
fa40bc120367a0035e72eccef07576cb16ff36b08dd051e751a481de1f2dbf9f,Sep111peSpe,9/15/2024,HeartCrypt Developer Test Sample,NONE,,,
fb26dcd89930afef0012125087704a3564d8ef0a37c3c6c021b42071ad273ceb,NOOSADEFFTL,7/14/2024,Remcos,"{""c2"": [""127[.]0.0.1:2404""], ""port"": [], ""campaign"": ""RemoteHost"", ""mutex"": ""Rmc-52SPIJ"", ""non_standard"": {""c2_list"": ""127[.]0.0.1:2404:1\u001e"", ""botnet"": ""RemoteHost"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-52SPIJ"", ""keylogger_mode"": 0, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 2, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": """", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICECyq0dC6qQr+Hv2V9QM3uqcwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdrdLQy42Mpn3IIYRJ2M3+yF21CLyLrOnzJYt9pkS9tD25/19cz99/hh6XbCh/X6lkduGZSLQOrKNIRElI58SZTAKBggqhkjOPQQDAgNIADBFAiEAsNMXIJvWxp997X+wkfoZ+aNRQ/F+y4UKwth7Vn9PPnsCIEy6sU5zohMDu7YRBxvrBk12twTKU7msOfRjcZPv8XLQ"", ""tls_key"": ""MHcCAQEEIPh5Cln/kkGKIQHHvBEywdytsvdqHkePDPk5Ud/t9sAJoAoGCCqGSM49AwEHoUQDQgAEdrdLQy42Mpn3IIYRJ2M3+yF21CLyLrOnzJYt9pkS9tD25/19cz99/hh6XbCh/X6lkduGZSLQOrKNIRElI58SZQ=="", ""tls_raw_peer_certificate"": ""MIH+MIGmoAMCAQICEG3vLiwgsA2EwhiaFtqI9IQwCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwP4wsetvUB9BVeB5KGkhFjJJoBjHvOcr3civBrd7vSVCfdzC45I1JUkFbE/V0Cvr3Srw9Govd0OBlmaqWZM0ZjAKBggqhkjOPQQDAgNHADBEAiA+k1x/mgOuo3xlHJ81zNOx/7FqyAa+NzPTyQQOJVWDcAIgNOovDbZqGlCN19pFZjYwqJecVDlCfKe+1zDwKfkvYmw=""}}",127[.]0.0.1:2404,RemoteHost,Rmc-52SPIJ
fb93b35a327f72fbda95a1f785e658a938fe86086f232b3781333551742e1641,dEaCE2tcOtc,10/23/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""octubre212024.giize[.]com""], ""port"": [""2727""], ""campaign"": ""SNOW"", ""mutex"": ""DcRatMutex_qwqdanchun"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""NElBVkNvRGVTaE5Kb05TTlIzdHBrMlp5SmVJVmgyWmg="", ""MTX"": ""DcRatMutex_qwqdanchun"", ""Certifi_cate"": ""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"", ""Server_signa_ture"": ""f2Wkfn5adMGELu3DfDMW4Ijhuf3EwosUZDWUhbNff2WYaI+bKcqGdDcmiEqwqcE4CvuWu0xQBPt4zN7Y7E41MEqDGTulBAsv3Mw31P3eYrzvXseMAbMBb19v6efkM36a0IgVorfyn9C8XsIRU5ulUeuhfrUm2ASejDD1TaL+/DI="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""SNOW"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",octubre212024.giize[.]com,SNOW,DcRatMutex_qwqdanchun
fbcaf5798179ba00092f98c6edb5bb86414970c61e059cfdf5ab3ac8d3fc16a5,MTGNSGNADS,7/7/2024,LummaStealer,"{""c2"": [""barebrilliancedkoso[.]shop"", ""parallelmercywksoffw[.]shop"", ""ohfantasyproclaiwlo[.]shop"", ""landdumpycolorwskfw[.]shop"", ""flourhishdiscovrw[.]shop"", ""conferencefreckewl[.]shop"", ""notoriousdcellkw[.]shop"", ""liabiliytshareodlkv[.]shop"", ""toothsomedicisivew[.]shop""], ""port"": [], ""campaign"": ""JangOo--"", ""mutex"": """", ""non_standard"": {}}","barebrilliancedkoso[.]shop,parallelmercywksoffw[.]shop,ohfantasyproclaiwlo[.]shop,landdumpycolorwskfw[.]shop,flourhishdiscovrw[.]shop,conferencefreckewl[.]shop,notoriousdcellkw[.]shop,liabiliytshareodlkv[.]shop,toothsomedicisivew[.]shop",JangOo--,
fc25ed1a9b3d16798d3a105e22dd484693a5452c1419f94a58e22a5388891504,gasgff34534c,3/26/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""reverseproxy.con-ip[.]com""], ""port"": [""4000""], ""campaign"": ""Sendero - 20 - 2024"", ""mutex"": ""DcRatMutex_qwqdanchun"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""ZzlnYXE1SGRKdXhWcnM4NFh1SXJoRDF1RTRnU1lENE4="", ""MTX"": ""DcRatMutex_qwqdanchun"", ""Certifi_cate"": ""MIICMDCCAZmgAwIBAgIVAPdJPjCx7pYvZ/1H2FuVvfr12RcjMA0GCSqGSIb3DQEBDQUAMGQxFTATBgNVBAMMDERjUmF0IFNlcnZlcjETMBEGA1UECwwKcXdxZGFuY2h1bjEcMBoGA1UECgwTRGNSYXQgQnkgcXdxZGFuY2h1bjELMAkGA1UEBwwCU0gxCzAJBgNVBAYTAkNOMB4XDTIxMTIwOTIwNDY0MFoXDTMyMDkxNzIwNDY0MFowEDEOMAwGA1UEAwwFRGNSYXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAIdi7KwbsK/emE6cPt5dZ26vDX2Y83z/zgIxipJ87lhQuqMSOuy1QkrgJX5XUNz5PQ/por9QVFR5PVqci3gzZBm4mS0970/CqX0XE17ywsS5ihs30fR1pRTF+KLeYPAhpBAEwkbVvNJ8utU4idXRMpI7gg5vAL+p9y7f2zNpTlqHAgMBAAGjMjAwMB0GA1UdDgQWBBT7xqJBZyhpISmxeSGJdX5wNfGQKjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4GBACPGgtV6HR59DKCJKnhxSiNBDaLWjqMXxZjteXm0LLJbcuuWfZjE+XQi/qOGRNlZJwtrGrH3Va7j+e7tHhkr1zK5otNfeFw+GhFOv1pdsPpCoW1aj/ukciyZu/sPkMF/k/Z4cWXWQ5BFr58Piru6U+23EAzNY03x1oKE8m+gAs3L"", ""Server_signa_ture"": ""UQpTmmFVdvnmxYquGpEAEgbFQpnrtmkzXm9m+tadNWL+dKBD5RZv7niEeZKLwXi1hZ611fdiI5NoY/xy9tPJLnZcnWKHQupyxtT/J8sfYR6iAYcW9Vm7X3MICWPmWAH+idMfPKCqCnTBoURVdKeWXE+Ie6EBq3MvzPWvHTAIVV0="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""Sendero - 20 - 2024"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",reverseproxy.con-ip[.]com,Sendero - 20 - 2024,DcRatMutex_qwqdanchun
fca010ff672c62a6c92f94a12b78fa1e019f37cc0dfc622e29813991e6875ca7,,6/25/2024,QwqdanchunRat (Quasar Fork),"{""c2"": [""diosayudamesenor.dynuddns[.]net""], ""port"": [""22207""], ""campaign"": ""0019Junio"", ""mutex"": ""DcRatMutex_qwqdanchun"", ""non_standard"": {""Ver_sion"": "" 1.0.7"", ""In_stall"": ""false"", ""Install_Folder"": ""%AppData%"", ""Install_File"": """", ""Key"": ""QTBxTXhhUExSRWZTODZKWWI2cEp4bmhhUlJIV09DVmI="", ""MTX"": ""DcRatMutex_qwqdanchun"", ""Certifi_cate"": ""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"", ""Server_signa_ture"": ""Rwt7HMCHfDInbxwwonMz7/zfTxTwf4oim3r1xRBwZAzjxjCwFheMb+14y4lvWj6cPo7SK34byQloaEVaxMJ6ILyPFBX9J+vaWuy+jwIRVnH+SlJMq8JA3IOcWyi/WijQisTHwus3nfr6xQelAhEzBotykq8RVD0QzVWzdkP91fw="", ""Paste_bin"": ""null"", ""BS_OD"": ""false"", ""Hw_id"": 0, ""De_lay"": ""1"", ""Group"": ""0019Junio"", ""Anti_Process"": ""false"", ""An_ti"": ""false""}}",diosayudamesenor.dynuddns[.]net,0019Junio,DcRatMutex_qwqdanchun
fcc5d7800d4b249f6f3b3a083c4ae1d626a7e97b0364afcb499064e882b66b28,EFF tcOtc,10/1/2024,LummaStealer,"{""c2"": [""absorptioniw[.]site"", ""mysterisop[.]site"", ""snarlypagowo[.]site"", ""treatynreit[.]site"", ""chorusarorp[.]site"", ""abnomalrkmu[.]site"", ""soldiefieop[.]site"", ""questionsmw[.]store"", ""veinyjsuwk[.]site""], ""port"": [], ""campaign"": ""YT6gHy--"", ""mutex"": """", ""non_standard"": {}}","absorptioniw[.]site,mysterisop[.]site,snarlypagowo[.]site,treatynreit[.]site,chorusarorp[.]site,abnomalrkmu[.]site,soldiefieop[.]site,questionsmw[.]store,veinyjsuwk[.]site",YT6gHy--,
fd65a36e69c42ab79d3511669560c83de0aad638a178029363aff56afe144911,Aug222guAgu,8/24/2024,Rhadamanthys,NONE,,,
fe810f2f7406764ede9dbed620a2c029755bc3459d2712f6b2e45030edb8aa43,CROWDSTRIKE,4/27/2024,DarkGate,NONE,,,
ff4a8be4e90fd047718103a1527a2d0a452f76fdbd2c18de9d98d7c2ab4926c6,CFEAE1tcOtc,10/11/2024,Remcos,"{""c2"": [""octubre100.con-ip[.]com:7773""], ""port"": [], ""campaign"": ""BENDECIDOS"", ""mutex"": ""Rmc-14SEP6"", ""non_standard"": {""c2_list"": ""octubre100.con-ip[.]com:7773:1\u001e"", ""botnet"": ""BENDECIDOS"", ""connect_interval"": 1, ""enable_install_flag"": 0, ""enable_hkcu_run_persistence_flag"": 1, ""enable_hklm_run_persistence_flag"": 1, ""keylogger_maximum_file_size"": ""100000"", ""enable_hklm_policies_explorer_run_flag"": 0, ""install_parent_directory"": 8, ""install_filename"": ""remcos.exe"", ""enable_persistence_directory_and_binary_hiding_flag"": 0, ""enable_process_injection_flag"": 0, ""mutex"": ""Rmc-14SEP6"", ""keylogger_mode"": 1, ""keylogger_parent_directory"": 8, ""keylogger_filename"": ""logs[.]dat"", ""enable_keylogger_file_encryption_flag"": 0, ""enable_keylogger_file_hiding_flag"": 0, ""enable_screenshot_flag"": 0, ""screenshot_interval_in_minutes"": 10, ""enable_screenshot_specific_window_names_flag"": 0, ""screenshot_specific_window_names"": 0, ""screenshot_specific_window_names_interval_in_seconds"": 5, ""screenshot_parent_directory"": 6, ""screenshot_folder"": ""Screenshots"", ""enable_screenshot_encryption_flag"": 0, ""enable_audio_recording_flag"": 0, ""audio_recording_duration_in_minutes"": 5, ""audio_record_parent_directory"": 5, ""audio_record_folder"": ""MicRecords"", ""disable_uac_flag"": 0, ""logging_mode"": 0, ""connect_delay_in_second"": 0, ""keylogger_specific_window_names"": 0, ""enable_browser_cleaning_on_startup_flag"": 0, ""enable_browser_cleaning_only_for_the_first_run_flag"": 1, ""browser_cleaning_sleep_time_in_minutes"": 0, ""enable_uac_bypass_flag"": 0, ""install_directory"": ""Remcos"", ""keylogger_root_directory"": ""remcos"", ""enable_watchdog_flag"": 0, ""license"": ""E72B904DDBEB179C52FD89AFD403808C"", ""enable_screenshot_mouse_drawing_flag"": 0, ""tls_raw_certificate"": 
""MIH/MIGmoAMCAQICEEXRPyHAU+i0XClFtLLozd0wCgYIKoZIzj0EAwIwADAiGA8xOTcwMDEwMTAwMDAwMFoYDzIwOTAxMjMxMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgzAKBggqhkjOPQQDAgNIADBFAiBUcWvaxuUnpbxlhTmWEcnNtczlEXkRbUYoYCN+2VEZ1AIhALym5a5Ib2YXMN1rGi3FQzTjiXDMfTh6IufwChk8n/N9"", ""tls_key"": ""MHcCAQEEILUsPsd+8u6gorQ6vplb6DQet9vOAwT8PHYYn7RI4380oAoGCCqGSM49AwEHoUQDQgAE3JPa5NStPTFSzUFC/z4jpiFtSaZQ8jxUCrV0voM1MzYrPuUAb8DbgKIv9FHrRNQW+oBWKmhn9D99WsPyGeVhgw=="", ""tls_raw_peer_certificate"": ""MIIBADCBpqADAgECAhA1EEVwbinJOEquCzdLDyBzMAoGCCqGSM49BAMCMAAwIhgPMTk3MDAxMDEwMDAwMDBaGA8yMDkwMTIzMTAwMDAwMFowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBDpkDyifvMvFU5G4T3X4NPgXSbjGygT9OXvKUN63IttHTejMFBes+ICPd+lF2i9ExWAYDh5oBbrexLrzNGdz3swCgYIKoZIzj0EAwIDSQAwRgIhAPHte18FxAxdCBRRd8kvfkylLF5k+QOnpkoeqXwRtdOWAiEA00CVbIQ6r4v8EeB0rQ5nIFgk+SYWWjNa+B3sBZoNlzY=""}}",octubre100.con-ip[.]com:7773,BENDECIDOS,Rmc-14SEP6
ff6afa0a84c58aa0d8a64df82680040ab58bf50e1cd2a8eb3e317f7f47843ecd,bbbbb5,1/11/2024,HeartCrypt (Nested Payload),NONE,,,