General
Target: SPECIFICATIONS DOCS 2021.20.10.rar
Size: 649KB
Sample: 211021-anb12aafak
MD5: 69cc13463c8567ec19852dacc6dfeba8
SHA1: 161516cc818212c285d5873daec54b60e5c03d26
SHA256: 656798de9a312f93d3865a35750fc46e8fb382054c32dcdab85d9f49d2801bab
SHA512: 0db0ffef63849ede7cb3b95efcf7290e9c5ced05c206fd53979ebc67c6911ca15df445a94c462ad1c0ca47f9238d4bac23317d19262ba1b692081d969eda68e6
Static task: static1
Behavioral task: behavioral1
Sample: SPECIFICATIONS DOCS 2021.20.10.exe
Resource: win7-en-20210920
Malware Config
Extracted
remcos
3.1.4 Pro
servers: kashbilly2.ddns.net:6060
audio_folder: MicRecords
audio_path: %AppData%
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
install_path: %AppData%
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
keylog_path: %AppData%
mouse_option: false
mutex: Remcos-XI8GX1
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
startup_value: Remcos
take_screenshot_option: false
take_screenshot_time: 5
take_screenshot_title: notepad;solitaire;
Targets
Target: SPECIFICATIONS DOCS 2021.20.10.exe
Size: 706KB
MD5: d3f5cc4888e982cef9efbce21c381960
SHA1: 27232e77ad11ba1797d4ef7aa966cb31bdef7cbe
SHA256: 54d9e04a23e8117c940b8e6e46335aec76138fe38bc6423207ef98223516a0f9
SHA512: 8107ddfce14d3e4c38e64f18ce5ba8cb35dc1e5e6299928d345076ed94a4d99117f93941393aec99977f281ac56894a75d7c1925934c2cd7d984d5afe4a106c2
Suspicious use of SetThreadContext