General
-
Target
baea1e30a52ec0ae882f09ea035829dc1a68a65495e0ad953a5235d3a448f19e
-
Size
340KB
-
Sample
220119-var6babff6
-
MD5
45a7c49918481a1a4035811b99c6c9ad
-
SHA1
4f7efdf3aa9a83153098b69b6e625132b7f3a92f
-
SHA256
baea1e30a52ec0ae882f09ea035829dc1a68a65495e0ad953a5235d3a448f19e
-
SHA512
18ffb5328d419c27dd8762e97b2abe162b8d28dd3daf09f70b6de48f235e50f134e1ed1b038a113af38a2b7036a994cef0f8baf361c06fd1322dd94e8ed95eeb
Static task
static1
Behavioral task
behavioral1
Sample
baea1e30a52ec0ae882f09ea035829dc1a68a65495e0ad953a5235d3a448f19e.exe
Resource
win10-en-20211208
Malware Config
Extracted
remcos
1.7 Pro
Host
xp19.ddns.net:1996
-
audio_folder
audio
-
audio_path
%AppData%
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
5
-
copy_file
nnjk.exe
-
copy_folder
-
delete_file
false
-
hide_file
true
-
hide_keylog_file
false
-
install_flag
true
-
install_path
%AppData%
-
keylog_crypt
true
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
-
keylog_path
%AppData%
-
mouse_option
false
-
mutex
remcos_klyclegait
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screens
-
screenshot_path
%AppData%
-
screenshot_time
1
-
startup_value
win
-
take_screenshot_option
false
-
take_screenshot_time
5
-
take_screenshot_title
Targets
Target
baea1e30a52ec0ae882f09ea035829dc1a68a65495e0ad953a5235d3a448f19e
Score
10/10
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-