General
-
Target
99a05067aed94f735dd04aed200cf020a0e2276791c44692491a895007c9dc64
-
Size
220KB
-
Sample
220521-nvy12aebf8
-
MD5
0654693d77996bb94e89a11278d0183c
-
SHA1
d4bf8cf0686f965284dcea67b77b991900fc35c0
-
SHA256
99a05067aed94f735dd04aed200cf020a0e2276791c44692491a895007c9dc64
-
SHA512
f1979056c708fb676fb7da5e55d7f95d720e05f49547a1686fd1f17b003110416a1fbdba6b770c3db93d59424eed82d437691bd8e8106c4f08989371e4768169
Static task
static1
Behavioral task
behavioral1
Sample
New Order.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
New Order.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
remcos
2.7.0 Pro
RemoteHost
remy.publicvm.com:8745
-
audio_folder
MicRecords
-
audio_path
%AppData%
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
install_path
%AppData%
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
keylog_path
%AppData%
-
mouse_option
false
-
mutex
Remcos-CQUZQT
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
Remcos
-
take_screenshot_option
false
-
take_screenshot_time
5
-
take_screenshot_title
wikipedia;solitaire;
Targets
-
-
Target
New Order.exe
-
Size
567KB
-
MD5
28fa86ac13b13057063f65ba9335d61f
-
SHA1
a56e02c040df6f921b76e6714c87192dadc6b5aa
-
SHA256
4d1b436558291aa226a7342db8ff207bce093a7b329e10843101e7bf9974ea49
-
SHA512
283b05f96c2a3d92c7feb3ecda3f31858e594b44a7ada314fd41bd16b7087e299a8bcdf089ab039a255ac7a9701f99b1bb7aee1a93affd3a1c7171df0f944e3c
Score
10/10
-
Adds Run key to start application
-