General
-
Target
9640573998280900bbaab48ea85f674275d76b8bdde1642aa0c59898c6a79a21
-
Size
1.2MB
-
Sample
220205-ps4deabfbl
-
MD5
777c491c3860714002e67364de5af30c
-
SHA1
fc4f9f1833683eb76a8a2ced9529d8dadcbb95f8
-
SHA256
9640573998280900bbaab48ea85f674275d76b8bdde1642aa0c59898c6a79a21
-
SHA512
1f0fe9b04bb92287e6ba9dba0edf5474291c691c4fd0867e16c3fd5c82c8cfccb7bc134c30bdba53a582127a5191dda674493a773b4df234a38af7aac591664b
Static task
static1
Behavioral task
behavioral1
Sample
REMITTAN.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
REMITTAN.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
Family
remcos
-
Version
2.5.0 Pro
-
Botnet
Panda
-
C2
prantiexport.myq-see.com:3535
-
audio_folder
MicRecords
-
audio_path
%AppData%
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
chrorne.exe
-
copy_folder
chrorne
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
install_path
%AppData%
-
keylog_crypt
true
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
keylog_path
%AppData%
-
mouse_option
false
-
mutex
Remcos-NE3XLT
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
remcos
-
take_screenshot_option
false
-
take_screenshot_time
5
-
take_screenshot_title
wikipedia;solitaire;
Targets
-
-
Target
REMITTAN.EXE
-
Size
224KB
-
MD5
03be770b4cd4a4290d56c7fda10b5b71
-
SHA1
a99ee0301a352ecd3255a64da62579d04d5bdad3
-
SHA256
6ea9da4ed018d0d17891bc301d0d42c637482f8ecdac6ebff94ac9dd41d5d7a3
-
SHA512
a434dc391e18f9c05faf8579ee5956eb7095bc10524b1a86896b3bdc59ee09254c7625376929d31bc6920b1e59bc2cce890590682a22d37e38d6122dafa90441
-
Suspicious use of SetThreadContext (an API often seen in process-injection techniques such as process hollowing)
-