General
-
Target
Attachment.iso
-
Size
1.2MB
-
Sample
220128-yj1etscdb4
-
MD5
d4faed7c41867086aeb052705da921a9
-
SHA1
b6aa4404b063db43d33c736332ef07b8cebe11ff
-
SHA256
af2c1108e5c2cb79c88b0c7676e0ce09b1683a3a535c684eadf1e3bb5d43c641
-
SHA512
14391e444759b6775460ec4a5ee7bf6c60a14d30bd3948efe09406c2e0b76abefa2bff5b158a046708b267e0702b57ae0cecfecddae491264df9b320a54d7c56
Static task
static1
Behavioral task
behavioral1
Sample
DOCUMENT.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
DOCUMENT.exe
Resource
win10-en-20211208
Malware Config
Extracted
remcos (Remcos RAT)
3.3.2 Pro (version string taken from the extracted configuration)
RemoteHost (C2 endpoints — all seven listed below use TCP port 2404; the hostnames appear to be dynamic-DNS names, so pivot on resolved IPs and the port as well as the names)
generem.hopto.org:2404
generem1.hopto.org:2404
hendersonk.hopto.org:2404
hendersonk1.hopto.org:2404
gene.ddnsgeek.com:2404
henderson.camdvr.org:2404
henderson1.camdvr.org:2404
-
audio_folder
MicRecords
-
audio_path
%AppData%
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
install_path
%AppData%
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
keylog_path
%AppData%
-
mouse_option
false
-
mutex (named mutex from the config; usable as a host-based indicator)
MediaGallery-S1SN8U
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value (name of the autorun registry value; compare with the "Adds Run key" behavior below)
Remcos
-
take_screenshot_option
false
-
take_screenshot_time
5
-
take_screenshot_title
notepad;solitaire;
Targets (files carried inside the submitted Attachment.iso and analyzed)
-
-
Target
DOCUMENT.EXE
-
Size
737KB
-
MD5
aefcb95e2ec7b42df18cec95b8a79d2c
-
SHA1
a7d682ae1b7d2ead038b2940363c1d885ff00f57
-
SHA256
d7ffc3af598b8f046627f0701bb8cf94455a2c29d643cb105482c92743383380
-
SHA512
a14675b16f1cf265cc9af2284d4ade3270ccc8a982f4a952c1170d9959cb9d410c689b899f2bf1454dc7c1430330b7c72579bbd309d755d6256cfa0deb9e0320
Score 10/10
Adds Run key to start application (registry autorun persistence observed in the behavioral run; note the extracted config sets install_flag=false, so this key may be written by the outer DOCUMENT.EXE stage rather than the Remcos install routine — confirm against the recorded registry activity)
-