General
-
Target
Request for quotation,pdf.exe
-
Size
607KB
-
Sample
211216-pjw8qscaf2
-
MD5
0d8326f60911be3f5c0662eb33d52f25
-
SHA1
d4a33d7c5998e076f5fe4b16544c87fd6f82b144
-
SHA256
e3c4caeafd8e19662239571bd3eee795d2ffb003953ce5eb06026a1be72b32e0
-
SHA512
8dfb7853f4f54940baeaf1389b393fcc5e3ed5116ce586b50827f851ac9a72fb8200ab54f0100a8e54d341e182a0a0521fd8721433deb0a9dd4ee07c2cd9cb07
Static task
static1
Behavioral task
behavioral1
Sample
Request for quotation,pdf.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
Request for quotation,pdf.exe
Resource
win10-en-20211208
Malware Config
Extracted
remcos
3.2.0 Pro
ZUBBY
newlogs.ddns.net:4312
-
audio_folder
MicRecords
-
audio_path
%AppData%
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
install_path
%AppData%
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
keylog_path
%AppData%
-
mouse_option
false
-
mutex
Remcos-8UKXGF
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
Remcos
-
take_screenshot_option
false
-
take_screenshot_time
5
-
take_screenshot_title
notepad;solitaire;
Targets
-
Target
Request for quotation,pdf.exe
-
Score
10/10
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-