General

Target: f7ae5f5ac5006a22f1f60534770f4dd2dc543518dacf7c73695ffd6979f3d714
Size: 369KB
Sample: 220521-nc7kfsdeb4
MD5: 279d4de4ff93b84f4300a1e2ed3aba34
SHA1: b27ae239cb2a347ae40c6b079284f509422b8cb7
SHA256: f7ae5f5ac5006a22f1f60534770f4dd2dc543518dacf7c73695ffd6979f3d714
SHA512: bc547e95f8a60d529679b764b3647db06534c5787f14471335dab1c5f19de1bff681e24fe00ead3d4c239f40681d5f07e7de4884f56adaf33e81a0ae75ce8649

Static task: static1

Behavioral task: behavioral1
Sample: Tosoh inquiry list 30072020_PDF.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: Tosoh inquiry list 30072020_PDF.exe
Resource: win10v2004-20220414-en

Malware Config

Family: remcos
Version: 2.6.0 Pro
Botnet: travisrem
C2: travisrem.duckdns.org:3007
C2: 185.140.53.9:3007
audio_folder: MicRecords
audio_path: %AppData%
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
install_path: %AppData%
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
keylog_path: %AppData%
mouse_option: false
mutex: Remcos-SAEUAO
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
startup_value: Remcos
take_screenshot_option: false
take_screenshot_time: 5
take_screenshot_title: wikipedia;solitaire;
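The config above is only useful to a responder once it is turned into things that can be searched for. The script below is an added example, not part of the sandbox report or the Remcos tooling: it transcribes the extracted fields into a dict and derives network, mutex, file and registry indicators from them. Note that every feature flag in this config (install_flag, keylog_flag, screenshot_flag) is false, so the on-disk paths built from copy_folder, keylog_file and friends should not be expected on an infected host; the mutex and the two C2 endpoints on port 3007 are the footprint to hunt for. Which flag gates which artifact, the dynamic-DNS suffix list, and the HKCU Run key used for startup_value are this example's assumptions about Remcos, not statements from the report.

```python
"""Turn the extracted Remcos configuration into concrete indicators.

Added example, not part of the sandbox report. REMCOS_CONFIG is transcribed
from the report's "Malware Config" section; which artifact each flag gates
and the HKCU Run key used for persistence are assumptions about Remcos
behaviour made for this example, not something the report states.
"""
import ipaddress
import ntpath

REMCOS_CONFIG = {
    "version": "2.6.0 Pro",
    "botnet": "travisrem",
    "c2": ["travisrem.duckdns.org:3007", "185.140.53.9:3007"],
    "mutex": "Remcos-SAEUAO",
    "install_flag": False,
    "install_path": "%AppData%",
    "copy_folder": "Remcos",
    "copy_file": "remcos.exe",
    "startup_value": "Remcos",
    "keylog_flag": False,
    "keylog_path": "%AppData%",
    "keylog_folder": "remcos",
    "keylog_file": "logs.dat",
    "screenshot_flag": False,
    "screenshot_path": "%AppData%",
    "screenshot_folder": "Screenshots",
}

# Dynamic-DNS providers commonly seen fronting RAT C2 (list is an assumption).
DYNAMIC_DNS_SUFFIXES = (".duckdns.org", ".no-ip.org", ".ddns.net")

# Assumption: Remcos registers startup_value as a value name under this key.
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"


def parse_c2(entry):
    """Split a 'host:port' C2 entry and classify the host as ip/dyndns/domain."""
    host, sep, port = entry.rpartition(":")
    if not sep or not port.isdigit():
        raise ValueError(f"malformed C2 entry: {entry!r}")
    try:
        ipaddress.ip_address(host)
        kind = "ip"
    except ValueError:
        kind = "dyndns" if host.lower().endswith(DYNAMIC_DNS_SUFFIXES) else "domain"
    return {"host": host, "port": int(port), "kind": kind}


def derive_indicators(cfg):
    """Return the network, mutex, file and registry indicators implied by cfg.

    Disk and registry artifacts are listed only when the flag enabling the
    corresponding feature is true; with every flag false, as in this sample,
    the expected footprint is the mutex and the C2 traffic.
    """
    ind = {
        "network": [parse_c2(e) for e in cfg["c2"]],
        "mutex": cfg["mutex"],
        "files": [],
        "registry": [],
    }
    if cfg["install_flag"]:
        ind["files"].append(
            ntpath.join(cfg["install_path"], cfg["copy_folder"], cfg["copy_file"])
        )
        ind["registry"].append(ntpath.join(RUN_KEY, cfg["startup_value"]))
    if cfg["keylog_flag"]:
        ind["files"].append(
            ntpath.join(cfg["keylog_path"], cfg["keylog_folder"], cfg["keylog_file"])
        )
    if cfg["screenshot_flag"]:
        ind["files"].append(
            ntpath.join(cfg["screenshot_path"], cfg["screenshot_folder"])
        )
    return ind


if __name__ == "__main__":
    for key, value in derive_indicators(REMCOS_CONFIG).items():
        print(f"{key}: {value}")
```

Running it with the config as extracted yields two network indicators (the duckdns host flagged as dynamic DNS, the bare IP flagged as such), the mutex, and empty file and registry lists; flipping install_flag to true adds %AppData%\Remcos\remcos.exe and the Run value, which is the footprint to expect from a build of this family that does persist.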

Targets

Target: Tosoh inquiry list 30072020_PDF.exe
Size: 572KB
MD5: f16a960895539b2d3b9dbf4a284397ea
SHA1: 52e2c2a4a7ac078e097111aa367a54266a3cddf4
SHA256: 50e7b9a736f734ffd4d57d93f93a89e454a4e5147ec7dac2c3f3e5f5fee6fd5f
SHA512: b17367f81cf14448d9ff3e712dbd9ef58b9de49b53184bef129b6c1f95471bcf0f1e23031d53c6b801657ff8ae880d1e8b3ecc180483225959aaeddd1dd8cea6

Signatures:
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
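The two signatures are worth reading together. SetThreadContext called on a thread in another process is the classic last step of process hollowing, where a dropper starts a legitimate binary suspended, replaces its image, and resumes it; a signed .NET compiler such as vbc.exe is a common hollowing target because it lives under C:\Windows and is rarely blocked. The report does not say which process was the injection target, so the rule below keys on what is observable either way: a compiler launched by a parent outside the Windows or Program Files trees, and a compiler process that opens a network connection, especially to one of the configured C2 endpoints. This is an added example with constructed, Sysmon-style events, not telemetry from the report; the field names, the user paths and the benign build-tool parent are this example's own.

```python
"""Detection logic for the two signatures in the report.

Added example, not from the report or the sandbox vendor. EVENTS is a
constructed process/network trace that mimics what the signatures describe:
the dropper launching vbc.exe, and that compiler process then talking to
the Remcos C2 from the extracted config. Field names and paths are assumed.
"""
import ntpath

# C2 endpoints from the report's extracted config.
C2_ENDPOINTS = {("travisrem.duckdns.org", 3007), ("185.140.53.9", 3007)}

# .NET compilers that are attractive injection/LOLBin targets (assumption).
COMPILERS = {"vbc.exe", "csc.exe"}

# Parents under these trees are treated as legitimate build tooling (assumption).
TRUSTED_PARENT_PREFIXES = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)

VBC = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"

EVENTS = [  # constructed sample telemetry, not from the report
    {"event": "process_create", "pid": 1204,
     "image": r"C:\Users\alice\Downloads\Tosoh inquiry list 30072020_PDF.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
    {"event": "process_create", "pid": 1318, "image": VBC,
     "parent_image": r"C:\Users\alice\Downloads\Tosoh inquiry list 30072020_PDF.exe"},
    {"event": "network_connect", "pid": 1318, "image": VBC,
     "dst": "185.140.53.9", "dst_port": 3007},
    # Benign: compiler launched by build tooling under Program Files, no egress.
    {"event": "process_create", "pid": 2200, "image": VBC,
     "parent_image": r"C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\MSBuild.exe"},
]


def _is_compiler(path):
    return ntpath.basename(path).lower() in COMPILERS


def _trusted_parent(path):
    return path.lower().startswith(TRUSTED_PARENT_PREFIXES)


def evaluate(events):
    """Return one finding per suspicious compiler event.

    Rules:
      compiler_from_untrusted_parent: vbc/csc spawned by something outside the
        Windows or Program Files trees (a user-writable dropper, for instance).
      compiler_to_known_c2 / compiler_egress: a compiler process opening a
        network connection; a compiler has no business doing so, and hitting a
        configured C2 endpoint is as good as confirmation of a hollowed process.
    """
    findings = []
    for ev in events:
        if not _is_compiler(ev["image"]):
            continue
        if ev["event"] == "process_create" and not _trusted_parent(ev["parent_image"]):
            findings.append({"pid": ev["pid"], "rule": "compiler_from_untrusted_parent",
                             "detail": ev["parent_image"]})
        elif ev["event"] == "network_connect":
            known = (ev["dst"], ev["dst_port"]) in C2_ENDPOINTS
            findings.append({"pid": ev["pid"],
                             "rule": "compiler_to_known_c2" if known else "compiler_egress",
                             "detail": f"{ev['dst']}:{ev['dst_port']}"})
    return findings


if __name__ == "__main__":
    for f in evaluate(EVENTS):
        print(f"pid {f['pid']}: {f['rule']} ({f['detail']})")
```

On the constructed trace the benign MSBuild-launched compiler produces nothing, while pid 1318 fires both rules. The egress rule is deliberately independent of the C2 list so it keeps working when the operator rotates the duckdns name or the IP; the parent-path rule catches the hollowing setup even before any beacon goes out.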