General
-
Target
2cdfb58833201dad1f2076676801789d7a976bab422305d1a5f328cc8ae468dc
-
Size
998KB
-
Sample
220121-3lphkadedj
-
MD5
b03d46ac73413bd5273d7e395ed8ff4c
-
SHA1
80abdbdc1e5bba2d61d5d5c2c6f4dcef91f217fb
-
SHA256
2cdfb58833201dad1f2076676801789d7a976bab422305d1a5f328cc8ae468dc
-
SHA512
2502d53400db53f0f3159812c8fa8818fd929e1153db2a42bb8ff9161f3f20b268f320f162f1ae7472ea0efb3dcebb17a6f1d18056195473add7cca2b456d67e
Static task
static1
Behavioral task
behavioral1
Sample
2cdfb58833201dad1f2076676801789d7a976bab422305d1a5f328cc8ae468dc.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
2cdfb58833201dad1f2076676801789d7a976bab422305d1a5f328cc8ae468dc.exe
Resource
win10-en-20211208
Malware Config
Extracted
remcos
Version: 2.5.1 Pro
Botnet ID (as extracted): zzzzzzzzzzzzZZZZZZZZZZZZZZZZZZZHERO
C2: dominoduck2099.duckdns.org:9594 (DuckDNS dynamic-DNS hostname — the resolved IP can change between runs, so pivot and block on the hostname/port rather than on a single IP)
-
audio_folder
MicRecords
-
audio_path
%AppData%
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
Chrome.exe
-
copy_folder
Chrome
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
install_path
%AppData%
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
system
-
keylog_path
%AppData%
-
mouse_option
false
-
mutex
Remcos-HI8HR7
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
remcos
-
take_screenshot_option
false
-
take_screenshot_time
5
-
take_screenshot_title
wikipedia;solitaire;
Targets
-
-
Target
2cdfb58833201dad1f2076676801789d7a976bab422305d1a5f328cc8ae468dc
-
Size
998KB
-
MD5
b03d46ac73413bd5273d7e395ed8ff4c
-
SHA1
80abdbdc1e5bba2d61d5d5c2c6f4dcef91f217fb
-
SHA256
2cdfb58833201dad1f2076676801789d7a976bab422305d1a5f328cc8ae468dc
-
SHA512
2502d53400db53f0f3159812c8fa8818fd929e1153db2a42bb8ff9161f3f20b268f320f162f1ae7472ea0efb3dcebb17a6f1d18056195473add7cca2b456d67e
Score 10/10 (signatures triggered in the behavioral tasks listed below; the extracted config above comes from the static task)
Blocklisted process makes network request
-
Loads dropped DLL
-