General
Target: ab7f954e190ee1cab1cba2a28fab7c3dd197ed5ed3d060194b0053028dcb85ee
Size: 236KB
Sample: 220521-n2wjgshfdj
MD5: 07a26b9d4d9fbea155a139f664d35760
SHA1: cf03e7f2a8af2f88d4be9d537e47227bc48308c4
SHA256: ab7f954e190ee1cab1cba2a28fab7c3dd197ed5ed3d060194b0053028dcb85ee
SHA512: 4ab9e4a61d18fe618f0d89afca0d16de57b22dc8d8b3fef2c8857bed0e46a9b1d73eb2593eb2a0d73610f5d8effbcb5218fa96aa813f5a7b9fd420e50beab3e4
Static task: static1
Behavioral task: behavioral1
  Sample: fkfiif.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: fkfiif.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: remcos 2.5.0 Pro
RemoteHost: 91.193.75.178:8769
audio_folder: MicRecords
audio_path: %AppData%
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
install_path: %AppData%
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
keylog_path: %AppData%
mouse_option: false
mutex: Remcos-Q6P9LX
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
startup_value: remcos
take_screenshot_option: false
take_screenshot_time: 5
take_screenshot_title: wikipedia;solitaire;
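The configuration above is only useful once it is turned into things a responder can search for. The script below is an added example, not part of the sandbox report and not Remcos code: it takes the extracted fields, splits RemoteHost into host/port pairs, builds the %AppData% paths the sample would use, and marks each file artifact with whether its governing flag (install_flag, keylog_flag, screenshot_flag) actually enables it. The mapping of flags to artifacts, the '|' separator for multiple hosts, and the HKCU Run key as the home of startup_value are assumptions about Remcos behaviour, not statements from the report.

```python
"""Turn the Remcos configuration extracted above into hunt-ready indicators.

Added example, not part of the sandbox report. The values in REMCOS_CONFIG are
copied from the report's "Malware Config" section; how each flag maps to an
on-disk or registry artifact is an assumption drawn from the field names, not
something the report states.
"""
from __future__ import annotations

# Constructed from the report; only the fields the derivation uses are kept.
REMCOS_CONFIG: dict[str, str] = {
    "RemoteHost": "91.193.75.178:8769",
    "audio_folder": "MicRecords",
    "audio_path": "%AppData%",
    "copy_file": "remcos.exe",
    "copy_folder": "remcos",
    "install_flag": "false",
    "install_path": "%AppData%",
    "keylog_file": "logs.dat",
    "keylog_flag": "false",
    "keylog_folder": "remcos",
    "keylog_path": "%AppData%",
    "mutex": "Remcos-Q6P9LX",
    "screenshot_flag": "false",
    "screenshot_folder": "Screenshots",
    "screenshot_path": "%AppData%",
    "startup_value": "remcos",
    "take_screenshot_option": "false",
    "take_screenshot_title": "wikipedia;solitaire;",
}

# Assumed persistence location for startup_value; the report does not say.
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"


def _flag(cfg: dict[str, str], key: str) -> bool:
    """Config booleans arrive as the strings 'true'/'false'."""
    return cfg.get(key, "false").strip().lower() == "true"


def _win_path(*parts: str) -> str:
    """Join path components with backslashes, keeping %AppData% unexpanded."""
    return "\\".join(p.strip("\\") for p in parts if p)


def parse_remote_hosts(value: str) -> list[tuple[str, int]]:
    """Split RemoteHost into (host, port) pairs.

    A '|' between several host:port entries is assumed; the report shows one.
    Anything that is not host:<digits> is rejected rather than silently dropped.
    """
    hosts: list[tuple[str, int]] = []
    for entry in value.split("|"):
        entry = entry.strip()
        if not entry:
            continue
        host, sep, port = entry.partition(":")
        port = port.split(":")[0]  # tolerate a trailing ':<extra>' field
        if not (sep and host and port.isdigit()):
            raise ValueError(f"malformed RemoteHost entry: {entry!r}")
        hosts.append((host, int(port)))
    return hosts


def derive_indicators(cfg: dict[str, str]) -> dict[str, list]:
    """Group indicators by type; file artifacts carry a 'state' so the analyst
    knows which paths this build will actually create."""
    ind: dict[str, list] = {"network": [], "mutex": [], "files": [], "registry": [], "window_titles": []}
    ind["network"] = [{"host": h, "port": p, "proto": "tcp"} for h, p in parse_remote_hosts(cfg["RemoteHost"])]
    ind["mutex"] = [cfg["mutex"]]

    # install_flag gates both the self-copy and the Run-key entry (assumption).
    install_state = "enabled" if _flag(cfg, "install_flag") else "disabled"
    ind["files"].append({"path": _win_path(cfg["install_path"], cfg["copy_folder"], cfg["copy_file"]),
                         "state": install_state, "gate": "install_flag"})
    ind["registry"].append({"key": RUN_KEY, "value": cfg["startup_value"], "state": install_state})

    # Keylog and screenshot stores are only written when their flag is true.
    ind["files"].append({"path": _win_path(cfg["keylog_path"], cfg["keylog_folder"], cfg["keylog_file"]),
                         "state": "enabled" if _flag(cfg, "keylog_flag") else "disabled", "gate": "keylog_flag"})
    ind["files"].append({"path": _win_path(cfg["screenshot_path"], cfg["screenshot_folder"]),
                         "state": "enabled" if _flag(cfg, "screenshot_flag") else "disabled", "gate": "screenshot_flag"})
    # Microphone capture has no on/off flag in this config: operator-triggered.
    ind["files"].append({"path": _win_path(cfg["audio_path"], cfg["audio_folder"]),
                         "state": "on_command", "gate": None})

    # Window titles that trigger screenshots; the trailing ';' yields an empty item.
    ind["window_titles"] = [t for t in cfg["take_screenshot_title"].split(";") if t]
    return ind


def hunt_summary(cfg: dict[str, str]) -> list[str]:
    """Flat list of indicators worth searching for now (enabled or unconditional)."""
    ind = derive_indicators(cfg)
    lines = [f"tcp://{n['host']}:{n['port']}" for n in ind["network"]]
    lines += [f"mutex:{m}" for m in ind["mutex"]]
    lines += [f"file:{f['path']}" for f in ind["files"] if f["state"] != "disabled"]
    lines += [f"reg:{r['key']}\\{r['value']}" for r in ind["registry"] if r["state"] != "disabled"]
    return lines


if __name__ == "__main__":
    for line in hunt_summary(REMCOS_CONFIG):
        print(line)
```

With this configuration every gated artifact is disabled, so the indicators worth hunting immediately are the C2 endpoint, the mutex and the unconditional microphone folder; the remcos.exe copy, the Run value and logs.dat only matter if the operator later rebuilds with the flags set, which is why they are kept in the output as disabled rather than dropped.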
Targets
Target: fkfiif.com
Size: 314KB
MD5: 18696c1965f4976fc8196516f75fdf63
SHA1: 60f2b6021ad0c2ca7b10d9a5c48e91cddd3a0c8c
SHA256: ce9eea7daa40294ea32ee596e1a88ec5e6301ed44e08420ec9ab6bb5d810846a
SHA512: c67a0523a5d828cf90553c2fe1ae3ad75db27862f773b719420f400aeb5cc4d9001a5bf51afa1ca35ece644fabcf26854caca09a55ef8f272b0d9f343a7ee06e
Score: 10/10
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Suspicious use of SetThreadContext: the call used to point a suspended thread at injected code, the usual final step of process hollowing and related injection techniques; the report does not show which process was targeted.