General
- Target: 455f6d53160cb90e6f2b2c021f362260ebf90eee056fd8cf1315b67b8a74996f
- Size: 1.2MB
- Sample: 220521-bvyztacee4
- MD5: 9a7fd6bfee304a1cb689d88777a8dfc1
- SHA1: 215217d8a9161482a1dba74211ba4c6a6d8635eb
- SHA256: 455f6d53160cb90e6f2b2c021f362260ebf90eee056fd8cf1315b67b8a74996f
- SHA512: 41303fb5687f5b94de817b099094dfdec2effaae217ec542d7a593375463c2031857b4815d1ff1d40037de2dadbf4cd39d3e6f9ae673c91388113d3c8eecc562

Behavioral task
- behavioral1
- Sample: FDA_CERT.exe
- Resource: win7-20220414-en

Malware Config
- Extracted: remcos 1.7 Pro
- Host:
  - kmt.duckdns.org:3039
  - kmt-2.duckdns.org:3039
- audio_folder: audio
- audio_path: %AppData%
- audio_record_time: 5
- connect_delay: 0
- connect_interval: 5
- copy_file: remcos.exe
- copy_folder: remcos
- delete_file: false
- hide_file: false
- hide_keylog_file: false
- install_flag: false
- install_path: %AppData%
- keylog_crypt: false
- keylog_file: logs.dat
- keylog_flag: false
- keylog_folder: remcos
- keylog_path: %AppData%
- mouse_option: false
- mutex: remcos_vejtzxohypibcpz
- screenshot_crypt: false
- screenshot_flag: false
- screenshot_folder: Screens
- screenshot_path: %AppData%
- screenshot_time: 1
- startup_value: remcos
- take_screenshot_option: false
- take_screenshot_time: 5
- take_screenshot_title

Targets
- Target: FDA_CERT.EXE
- Size: 371KB
- MD5: 9c547767c3059a4aa991b4b4413725bb
- SHA1: fd83c2cf73a959255d01abca9d681af4c62d5dbf
- SHA256: 246fb765947ed62ef616f5f714642ff0db639983582c0fa2cbab9ad251669b78
- SHA512: 1a3e2250804bc524750cdf3517b51af04e6988bc080a2d35468fc2e16758b6cd8970ff416ce0a009cbda387b31aaa0e698e8e5d1aba3f60c6110e069e4c1b1b7
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext