General
Target: DHL_119040 receipt document,pdf.exe
Size: 686KB
Sample: 211022-j29znacbhr
MD5: 052f9ca00b96e53de2d50745b56322f9
SHA1: e50a85146587f30aea48e9ec5ca7044d2e997728
SHA256: e7de0f165f8c5b38c60cf57edf5277ce09ea31bf46aa31f1b6bdc011a5e248e3
SHA512: 52d8c137b966571a623b12770e91a9044e6b71e0af6f54188bf6833950e68e41301afcf74f754c186ae6249ca1ffa6da21554566a7782652b74b1c191d67d594
Static task: static1
Behavioral task: behavioral1
Sample: DHL_119040 receipt document,pdf.exe
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: DHL_119040 receipt document,pdf.exe
Resource: win10-en-20210920
Malware Config
Extracted
Family: remcos
Version: 3.3.0 Pro
Botnet: ASEDEYGO
C2: ckay4real.hopto.org:7676
audio_folder: MicRecords
audio_path: %AppData%
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
install_path: %AppData%
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
keylog_path: %AppData%
mouse_option: false
mutex: Remcos-1X6NRY
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
startup_value: Remcos
take_screenshot_option: false
take_screenshot_time: 5
take_screenshot_title: notepad;solitaire;
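The extracted config above is only useful to a responder once it is turned into things that can be checked on a host: the mutex, the Run value name, the C2 host and port, and the paths the bot would use if installation and keylogging were switched on. The following script is an added example, not part of the sandbox report: it parses the flattened key/value block as it appears here, expands the %AppData% placeholder against a constructed profile path, and matches the resulting indicators against constructed host telemetry. The Run key location, the profile path `C:\Users\victim\AppData\Roaming` and the telemetry records are assumptions for illustration. Note that `install_flag` and `keylog_flag` are both false in this config, so the file paths may never exist on an infected machine; the mutex, the Run value (which the behavioral task did observe) and the C2 connection are the dependable signals.

```python
"""Derive host/network indicators from the Remcos config in this report and
match them against constructed telemetry. Added example, not report content."""
import re
from typing import Dict, List

# Subset of the report's "Malware Config" block in its flattened key / value / - form.
REMCOS_CONFIG_TEXT = """\
copy_file
remcos.exe
-
copy_folder
Remcos
-
install_flag
false
-
install_path
%AppData%
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
keylog_path
%AppData%
-
mutex
Remcos-1X6NRY
-
startup_value
Remcos
"""
C2 = "ckay4real.hopto.org:7676"                                   # from the report
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"  # assumed location
APPDATA = r"C:\Users\victim\AppData\Roaming"                      # constructed profile path


def parse_config(text: str) -> Dict[str, str]:
    """Pair each key line with the value line after it, skipping '-' separators."""
    fields = [ln.strip() for ln in text.splitlines() if ln.strip() and ln.strip() != "-"]
    if len(fields) % 2:
        raise ValueError("config text has a key without a value")
    it = iter(fields)
    return dict(zip(it, it))  # consecutive items become (key, value)


def expand_appdata(path: str, appdata: str) -> str:
    """Replace the %AppData% placeholder (any case) with a concrete directory."""
    return re.sub("%appdata%", lambda _: appdata, path, flags=re.IGNORECASE)


def derive_iocs(cfg: Dict[str, str], c2: str, appdata: str = APPDATA) -> Dict[str, object]:
    """Turn config fields into the artifacts an analyst would hunt for."""
    host, _, port = c2.rpartition(":")
    return {
        "copy_path": "\\".join([expand_appdata(cfg["install_path"], appdata),
                                cfg["copy_folder"], cfg["copy_file"]]),
        "keylog_path": "\\".join([expand_appdata(cfg["keylog_path"], appdata),
                                  cfg["keylog_folder"], cfg["keylog_file"]]),
        "mutex": cfg["mutex"],
        "run_value": cfg["startup_value"],
        "c2_host": host,
        "c2_port": int(port),
        # Both flags are false in this config: the file paths are weak evidence.
        "install_enabled": cfg["install_flag"].lower() == "true",
        "keylog_enabled": cfg["keylog_flag"].lower() == "true",
    }


def match_observations(iocs: Dict[str, object], observations: List[Dict[str, str]]) -> List[str]:
    """Describe every observation that matches an indicator (case-insensitive)."""
    paths = {str(iocs["copy_path"]).lower(), str(iocs["keylog_path"]).lower()}
    hits = []
    for ob in observations:
        kind = ob["type"]
        if kind == "mutex" and ob["name"].lower() == str(iocs["mutex"]).lower():
            hits.append(f"mutex {ob['name']}")
        elif (kind == "registry" and ob["key"].lower() == RUN_KEY.lower()
              and ob["name"].lower() == str(iocs["run_value"]).lower()):
            hits.append(f"Run value {ob['name']} -> {ob['data']}")
        elif kind == "file" and ob["path"].lower() in paths:
            hits.append(f"file {ob['path']}")
        elif (kind == "network" and ob["host"].lower() == str(iocs["c2_host"]).lower()
              and int(ob["port"]) == iocs["c2_port"]):
            hits.append(f"connection to {ob['host']}:{ob['port']}")
    return hits


# Constructed telemetry: four true positives and two benign records.
SAMPLE_OBSERVATIONS = [
    {"type": "mutex", "name": "Remcos-1X6NRY"},
    {"type": "registry", "key": RUN_KEY, "name": "Remcos", "data": APPDATA + r"\Remcos\remcos.exe"},
    {"type": "registry", "key": RUN_KEY, "name": "OneDrive", "data": r"C:\Users\victim\AppData\Local\Microsoft\OneDrive\OneDrive.exe"},
    {"type": "file", "path": APPDATA + r"\Remcos\remcos.exe"},
    {"type": "network", "host": "ckay4real.hopto.org", "port": "7676"},
    {"type": "network", "host": "update.microsoft.com", "port": "443"},
]


def run() -> List[str]:
    return match_observations(derive_iocs(parse_config(REMCOS_CONFIG_TEXT), C2), SAMPLE_OBSERVATIONS)


if __name__ == "__main__":
    for hit in run():
        print(hit)
```

Against the constructed telemetry this reports four hits: the mutex, the `Remcos` Run value, the dropped binary path and the connection to port 7676. On a live host, feed `match_observations` the output of a mutex enumeration, the Run key values and a DNS/netflow export instead of `SAMPLE_OBSERVATIONS`.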
Targets
Target: DHL_119040 receipt document,pdf.exe
Size: 686KB
MD5: 052f9ca00b96e53de2d50745b56322f9
SHA1: e50a85146587f30aea48e9ec5ca7044d2e997728
SHA256: e7de0f165f8c5b38c60cf57edf5277ce09ea31bf46aa31f1b6bdc011a5e248e3
SHA512: 52d8c137b966571a623b12770e91a9044e6b71e0af6f54188bf6833950e68e41301afcf74f754c186ae6249ca1ffa6da21554566a7782652b74b1c191d67d594
Score: 10/10
suricata: ET MALWARE Remocs 3.x Unencrypted Checkin
suricata: ET MALWARE Remocs 3.x Unencrypted Server Response
Adds Run key to start application