General
Target: Swift-Payment-Copy-MT103.tar.lz
Size: 691KB
Sample: 220120-m75hxahfg4
MD5: b23fc2e2722ed975086fa6199231ce2c
SHA1: 8142315135c4a5c9c172d5329a0189e2defd50cf
SHA256: ed6f7d2247f32f718769391a1131a0eb7ec98fb8298bb61c88f9fd514566d086
SHA512: c89963de5fffdfbce41a7d267928517d5c9cb4940dedc05fbb35606037eb813ed69aa499676c2cc6d435020678a56dca6ea862358fe4b50b181f0f4640febe96
Static task: static1
Behavioral task: behavioral1
Sample: Swift Payment Copy MT103.exe
Resource: win10-en-20211208
Malware Config
Extracted: remcos 3.3.2 Pro
RemoteHost: rambolastblood.ddns.net:6327
audio_folder: MicRecords
audio_path: %AppData%
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
install_path: %AppData%
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
keylog_path: %AppData%
mouse_option: false
mutex: apple-OQFG03
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
startup_value: Remcos
take_screenshot_option: false
take_screenshot_time: 5
take_screenshot_title: notepad;solitaire;
Targets
Target: Swift Payment Copy MT103.exe
Size: 699KB
MD5: 4806b1a0b173a2ef49ff1246b0c51797
SHA1: 4eb5a5b03acd02d971972f1c4a2c402f4319ef53
SHA256: 587279399737ad503b89302814bd0ab5b5bf2eedb69c1a927789c823316eb5f2
SHA512: b0abe0c135772c9d957219ef3a448e9c7eee3565ca7d8332b4bf611eecb3a9c2a0edd91ae2c57cff29c55701eb154b4ac86f6c7e50934f057b33109ed5958a20
Score: 10/10
NirSoft MailPassView: Password recovery tool for various email clients
NirSoft WebBrowserPassView: Password recovery tool for various web browsers
Nirsoft
Accesses Microsoft Outlook accounts
Suspicious use of SetThreadContext