General
-
Target
33ed17b926f7d64a0702bc63e86d1a0d9683e08e9d2350a05fd7d459bdea5eeb
-
Size
940KB
-
Sample
220521-nw1agsecb2
-
MD5
4e99ad8f42aeada2eb2814cb0a0cc095
-
SHA1
b4bec8005cfaac2c72417c858b200dbf2b0370b4
-
SHA256
33ed17b926f7d64a0702bc63e86d1a0d9683e08e9d2350a05fd7d459bdea5eeb
-
SHA512
59c4c8a86dd25018e39473bcf4a99af15048b0464522c5da81ee7b96764c5ef3b8a99aac623bf690f587293bd3686defc0bbb66ed6570e67b8f3bade2649d381
Static task
static1
Behavioral task
behavioral1
Sample
4209043299.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
4209043299.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
remcos
2.5.0 Pro
RemoteHost
194.5.97.116:6666
-
audio_folder
MicRecords
-
audio_path
%AppData%
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
install_path
%AppData%
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
keylog_path
%AppData%
-
mouse_option
false
-
mutex
Remcos-3QDKF6
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
remcos
-
take_screenshot_option
false
-
take_screenshot_time
5
-
take_screenshot_title
wikipedia;solitaire;
Targets
-
-
Target
4209043299.exe
-
Size
878KB
-
MD5
f145ba7f9fccb573b6f5059caac01039
-
SHA1
3900c07da9c91185643376cc6bb90b360afeaf62
-
SHA256
c4de7f33a98c2fc869ab8e6876cdf719e94fd1b2fffdb14035c3905d1a2d7f5b
-
SHA512
a575bd2d031c6177ca06f384737a3affef32a030f4b80d95c3903a8cc99af427022c7751645c80750d56201e72a3cac4657a30c649a8a43ffd4a0e7cc9eaae08
Score
10/10
-
Adds Run key to start application (registry autorun persistence; MITRE ATT&CK T1547.001)
-