General

Target: fb.exe
Size: 1.1MB
Sample: 211001-n9e7gabgcr
MD5: 4501de26ee17fce29827b6770c136a99
SHA1: b216aa4742e7a7705d8a217e25627f2ced78b48d
SHA256: 87c3d0e1727010e32ebc927d61ae6f4b0df6031af616a56a459899478e719c15
SHA512: e884d435c72899bf91a55533f6502faffb5a450c3ae695d08fd182cdfc0b90624595852aae1848abe06ed13f5943a9f5cf50d935972aad3ee0884cbc58fbbbfd
Static task: static1
Behavioral task: behavioral1 (sample fb.exe, resource win7v20210408)
Behavioral task: behavioral2 (sample fb.exe, resource win10-en-20210920)
Malware Config

Extracted: remcos (version 3.1.4 Pro)
RemoteHost: 7980.duckdns.org:7980
audio_folder: MicRecords
audio_path: %AppData%
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
install_path: %AppData%
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
keylog_path: %AppData%
mouse_option: false
mutex: Remcos-CZYR8X
screenshot_crypt: false
screenshot_flag: true
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
startup_value: Remcos
take_screenshot_option: false
take_screenshot_time: 5
take_screenshot_title: notepad;solitaire;

Reading the config: install_flag, keylog_flag and take_screenshot_option are all false, so the install settings (copy to install_path\copy_folder\copy_file, startup_value), the keylogger (keylog_file) and the window-title-triggered screenshots (take_screenshot_title) are present in the build but disabled; the only capture option enabled is timed screenshots (screenshot_flag true, screenshot_time 10). connect_delay 0 with connect_interval 1 means the sample reconnects to the C2 almost immediately and retries at a tight interval. The C2 is a dynamic-DNS name (duckdns.org), so the hostname is the durable indicator; the IP it resolves to can change at any time. The mutex Remcos-CZYR8X is specific to this build and is a usable host indicator on its own.
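The config fields above map directly onto what to look for on a host and on the wire. The following script is an added example for this report, not code from the report or from Remcos: it takes the extracted config (transcribed into CONFIG from the Malware Config section) and derives a hunt list, honouring the enable flags so that disabled features do not produce false indicators. How the fields combine into on-disk paths (install_path + copy_folder + copy_file, keylog_path + keylog_folder + keylog_file, screenshot_path + screenshot_folder) and the use of ';' as a RemoteHost separator are this example's assumptions about the config layout, not a documented format.

```python
"""Derive host and network indicators from an extracted Remcos config.

Added example; not part of the original report and not Remcos code.
CONFIG is transcribed from the report's "Malware Config" section. The path
composition rules and the ';' separator for multiple RemoteHost entries are
assumptions made by this example, not documented Remcos behaviour.
"""
from __future__ import annotations

# Transcribed from the report (values kept as the strings the report shows).
CONFIG = {
    "RemoteHost": "7980.duckdns.org:7980",
    "audio_folder": "MicRecords",
    "audio_path": "%AppData%",
    "audio_record_time": "5",
    "connect_delay": "0",
    "connect_interval": "1",
    "copy_file": "remcos.exe",
    "copy_folder": "Remcos",
    "delete_file": "false",
    "hide_file": "false",
    "hide_keylog_file": "false",
    "install_flag": "false",
    "install_path": "%AppData%",
    "keylog_crypt": "false",
    "keylog_file": "logs.dat",
    "keylog_flag": "false",
    "keylog_folder": "remcos",
    "keylog_path": "%AppData%",
    "mouse_option": "false",
    "mutex": "Remcos-CZYR8X",
    "screenshot_crypt": "false",
    "screenshot_flag": "true",
    "screenshot_folder": "Screenshots",
    "screenshot_path": "%AppData%",
    "screenshot_time": "10",
    "startup_value": "Remcos",
    "take_screenshot_option": "false",
    "take_screenshot_time": "5",
    "take_screenshot_title": "notepad;solitaire;",
}


def flag(cfg: dict, key: str) -> bool:
    """The report lists booleans as the strings 'true' / 'false'."""
    return cfg.get(key, "false").strip().lower() == "true"


def parse_c2(remote_host: str) -> list[tuple[str, int]]:
    """Split a RemoteHost value into (host, port) pairs.

    Accepts one 'host:port' entry or several separated by ';' (assumed
    separator). Malformed entries raise instead of becoming bad indicators.
    """
    pairs = []
    for entry in remote_host.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        host, sep, port = entry.rpartition(":")
        if not sep or not host or not port.isdigit() or not 0 < int(port) < 65536:
            raise ValueError(f"malformed RemoteHost entry: {entry!r}")
        pairs.append((host, int(port)))
    return pairs


def win_path(*parts: str) -> str:
    """Join path components with backslashes, leaving %AppData% unexpanded."""
    return "\\".join(p.strip("\\") for p in parts if p)


def derive_iocs(cfg: dict) -> dict:
    """Return indicators grouped by type, emitting only what the config enables."""
    iocs = {"network": [], "mutex": [], "file": [], "persistence": [], "notes": []}

    for host, port in parse_c2(cfg["RemoteHost"]):
        iocs["network"].append(f"{host}:{port}")
        if host.lower().endswith(".duckdns.org"):
            iocs["notes"].append(f"{host} is dynamic DNS: hunt on the hostname, the IP will change")

    iocs["mutex"].append(cfg["mutex"])

    if flag(cfg, "install_flag"):
        iocs["file"].append(win_path(cfg["install_path"], cfg["copy_folder"], cfg["copy_file"]))
        iocs["persistence"].append(f"autostart entry named {cfg['startup_value']!r}")
    else:
        iocs["notes"].append("install_flag=false: copy_file/startup_value are configured but not enabled")

    if flag(cfg, "keylog_flag"):
        iocs["file"].append(win_path(cfg["keylog_path"], cfg["keylog_folder"], cfg["keylog_file"]))

    if flag(cfg, "screenshot_flag"):
        iocs["file"].append(win_path(cfg["screenshot_path"], cfg["screenshot_folder"]))
        iocs["notes"].append(f"timed screenshots enabled, screenshot_time={cfg['screenshot_time']}")

    if flag(cfg, "take_screenshot_option"):
        titles = [t for t in cfg["take_screenshot_title"].split(";") if t]
        iocs["notes"].append("title-triggered screenshots on: " + ", ".join(titles))

    interval = int(cfg.get("connect_interval", "0"))
    if 0 < interval <= 5:
        iocs["notes"].append(f"connect_interval={interval}: expect tight beaconing to the C2")
    return iocs


if __name__ == "__main__":
    for category, items in derive_iocs(CONFIG).items():
        for item in items:
            print(f"{category:12} {item}")
```

For this sample the script yields one network indicator (7980.duckdns.org:7980), the mutex Remcos-CZYR8X and a single file location (%AppData%\Screenshots); it deliberately does not emit %AppData%\Remcos\remcos.exe or logs.dat because install_flag and keylog_flag are off, which keeps a hunt from chasing paths this build never writes.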
Targets

Target: fb.exe (1.1MB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10
Signature: Suspicious use of SetThreadContext

SetThreadContext applied to another process's thread is the step that redirects a suspended thread into code written by the caller, which is why sandboxes flag it as a process-injection (process-hollowing) indicator; on its own it identifies the injection technique, not the payload, so pair it with the config indicators above when hunting.