General
- Target: Purchase Order.exe
- Size: 246KB
- Sample: 211025-mw9y9aghdr
- MD5: b48b71d44037bf1e07d0284b8611f9e6
- SHA1: 9ca3d67a31c738c779cea681020bb27e3f25d829
- SHA256: 3a2b6b7cd1cec006f28a7e4d69c14273a7b3de368c273840ea5c6f2b9d62e50d
- SHA512: 565340c000f208450e5287cc0ccb04b51459d198765da4484e96ecb6f3af902b525e75d4b3383b93ca0f11154d50e8d7ade8715a7976daebacdf871f8c3df993
Static task: static1
Behavioral task: behavioral1
- Sample: Purchase Order.exe
- Resource: win7-en-20210920
Behavioral task: behavioral2
- Sample: Purchase Order.exe
- Resource: win10-en-20210920
Malware Config
Extracted: remcos 1.7 Pro
- Host: dera33.ddns.net:1186
- audio_folder: audio
- audio_path: %AppData%
- audio_record_time: 5
- connect_delay: 0
- connect_interval: 5
- copy_file: ddrw.exe
- copy_folder:
- delete_file: false
- hide_file: true
- hide_keylog_file: false
- install_flag: true
- install_path: %AppData%
- keylog_crypt: false
- keylog_file: logs.dat
- keylog_flag: false
- keylog_folder: remcos
- keylog_path: %AppData%
- mouse_option: false
- mutex: remcos_xvhyzfmlwvsqhfc
- screenshot_crypt: false
- screenshot_flag: false
- screenshot_folder: Screens
- screenshot_path: %AppData%
- screenshot_time: 1
- startup_value: win
- take_screenshot_option: false
- take_screenshot_time: 5
- take_screenshot_title:
Targets
- Target: Purchase Order.exe (246KB; hashes as listed under General)
Score: 10/10
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext