General
Target: a7366f4c99bb81a39cdf9f0523079fcf17f89a04371974ef8b0add94acc6ac6c
Size: 238KB
Sample: 220521-n5185seff4
MD5: 0c6ef5f37f2066ca41ba324b4904d1fe
SHA1: 5fb9f005cb1382919c7f376bb1d60de78ff6ca6d
SHA256: a7366f4c99bb81a39cdf9f0523079fcf17f89a04371974ef8b0add94acc6ac6c
SHA512: 9ebe04fb6ba59923a1791eeffa389fac73f806fd1302353022315c660e0b1674600bd5b608dabe627536020c103d6656e1f54c324241f3c883fd754795390e27
Static task: static1
Behavioral task: behavioral1
Sample: SHIPPING_DOCUMENTS_0001202931.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: SHIPPING_DOCUMENTS_0001202931.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
remcos
2.5.1 Pro
LIMECRYPTER-2
www.valjan.in:5200
audio_folder: MicRecords
audio_path: %AppData%
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
install_path: %AppData%
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: valjan
keylog_path: %AppData%
mouse_option: false
mutex: valjan-T1D3NL
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
startup_value: remcos
take_screenshot_option: false
take_screenshot_time: 5
take_screenshot_title: wikipedia;solitaire;
Targets
Target: SHIPPING_DOCUMENTS_0001202931.exe
Size: 291KB
MD5: 94b2988b5446a35c848ec952129efdfb
SHA1: b880819d8f88c0382ddfb4073b927f0e0ec2bf97
SHA256: 97950fbe40dd26ac4eabd641e8bae0fc8f23ce04e3c4cf06ad5e451389b80556
SHA512: 36f8616ddc85b54b3d68ca1fda746433062aac9e8f92545539c445c862faf92b34073b51b2d18cc65b8c3fe6153b999d1b8853d847e76c85a8abc8c5f5edbb25
Score: 10/10
Suspicious use of SetThreadContext