General
-
Target
6a910bee85fe3259125e68ae757aae7aa869046f8513066b0ac536b69c06424d
-
Size
735KB
-
Sample
220121-2wkfxscccq
-
MD5
a9e8764b6c8db1fe9cb3f28272e9ae4c
-
SHA1
e9290a9d4297aaf6bc05dd1ccd1a95b9c0819b82
-
SHA256
6a910bee85fe3259125e68ae757aae7aa869046f8513066b0ac536b69c06424d
-
SHA512
f2d06196fc9128a0cba007f38163a08789f7678139ea2ca19062cc0138e9ed66cb3aef586d7f4a233c419416503358e0b452134b0640894148a1fb7acd7c203a
Static task
static1
Behavioral task
behavioral1
Sample
6a910bee85fe3259125e68ae757aae7aa869046f8513066b0ac536b69c06424d.exe
Resource
win7-en-20211208
Malware Config
Extracted
remcos
2.5.0 Pro
VEINTIUNO
veintiunoremco.duckdns.org:1010
-
audio_folder
MicRecords
-
audio_path
%AppData%
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
install_path
%AppData%
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
keylog_path
%AppData%
-
mouse_option
false
-
mutex
Remcos-YAKX39
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
remcos
-
take_screenshot_option
false
-
take_screenshot_time
5
-
take_screenshot_title
wikipedia;solitaire;
Targets
-
-
Target
6a910bee85fe3259125e68ae757aae7aa869046f8513066b0ac536b69c06424d
-
Size
735KB
-
MD5
a9e8764b6c8db1fe9cb3f28272e9ae4c
-
SHA1
e9290a9d4297aaf6bc05dd1ccd1a95b9c0819b82
-
SHA256
6a910bee85fe3259125e68ae757aae7aa869046f8513066b0ac536b69c06424d
-
SHA512
f2d06196fc9128a0cba007f38163a08789f7678139ea2ca19062cc0138e9ed66cb3aef586d7f4a233c419416503358e0b452134b0640894148a1fb7acd7c203a
-
Blocklisted process makes network request
-
Loads dropped DLL
-