General
Target: MTB1056 Proforma.lzh
Size: 298KB
Sample: 211005-qbl88sabem
MD5: 435da9c8758341a39aca24bf69d9e3ac
SHA1: 3ab8b91e74ac2588742a969823922903982bcdd6
SHA256: 5adbc7c03db65599504380ed34ab2336f767d062dd4cf2445c2bc0c25af7abb3
SHA512: ebf95c9532c7d8b743242b5f4c08a323b4f28764a87ec1857577425cecee5a66351f6fa106207761429259363440b12a33721f99c4a64688e601913eeedbcd5e
Static task
static1

Behavioral task
behavioral1
Sample: MTB1056 Proforma.exe
Resource: win7v20210408

Behavioral task
behavioral2
Sample: MTB1056 Proforma.exe
Resource: win10-en-20210920
Malware Config
Extracted
Family: remcos
Version: 3.1.4 Pro
Botnet: PANDA
C2: emedoo.ddns.net:35890
audio_folder: MicRecords
audio_path: %AppData%
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Vlc
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
install_path: %AppData%
keylog_crypt: true
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
keylog_path: %AppData%
mouse_option: false
mutex: Remcos-3LQVLY
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
startup_value: Remcos
take_screenshot_option: false
take_screenshot_time: 5
take_screenshot_title: notepad;solitaire;
Targets
Target: MTB1056 Proforma.exe
Size: 811KB
MD5: c050088cde2c6e479d294c4eda274c78
SHA1: ae1451a744a05d4984c4064275fa7366cdfb3d07
SHA256: 662eecce48bec8dc6ebb8dc123713a3dfb97dc2514ddb3396d88cf855267f2bb
SHA512: a3bab9e01625a9f3a766f51e4397362464ba94c150bb3a47bbd8bc91a912b17979bb3906700a89cb2d39093f9d363cbd86dfb3ab2ab91b7c35d8ff59450d7726
Score: 10/10
Signatures:
- Adds Run key to start application
- Suspicious use of SetThreadContext