General
Target: AW QUOTE 21505 HQ1-Scan-068703_PDF.exe
Size: 1.2MB
Sample: 210920-jyqfvagaan
MD5: 0d9247623d85ba75b83f909d98caae11
SHA1: 1377ea7e6b909283bb4b4457aea6801aca70d552
SHA256: 5cddd352c21b35aa01f2353d74e3dedef3bde4b4dee56e61c696319ec9237b36
SHA512: c451a33bbacc1e0b2f1f9dc01f7fc684835fb57a5b17384a161f88ab531411648927b74fe3dc8b4f2c56d88cde6bb81fd24715e11b6793645b7d9ca80767cacc
Static task: static1
Behavioral task: behavioral1
Sample: AW QUOTE 21505 HQ1-Scan-068703_PDF.exe
Resource: win7-en-20210916
Malware Config
Extracted
remcos
3.2.1 Pro
crd2
103.114.136:2405
audio_folder: MicRecords
audio_path: %AppData%
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
install_path: %AppData%
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
keylog_path: %AppData%
mouse_option: false
mutex: win-9PIVYS
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
startup_value: Remcos
take_screenshot_option: false
take_screenshot_time: 5
take_screenshot_title: notepad;solitaire;
Targets
Target: AW QUOTE 21505 HQ1-Scan-068703_PDF.exe
Suspicious use of SetThreadContext