General
Target: 13a01ab49ce46ef8c0b777be39442175acb0c2ff43f18430549a9927c991885b
Size: 140KB
Sample: 220521-pn6mzaahek
MD5: 2964f55c3286b818da2f336f52dcca73
SHA1: 71097d14e91a4a82f2559932bd1f4aa77326ea6b
SHA256: 13a01ab49ce46ef8c0b777be39442175acb0c2ff43f18430549a9927c991885b
SHA512: fbe9f1d8bbef6f0855d7e6f180799a0c46790de3183e7fdbadda050a1a178ef2f28fb69fcaf198d7d32d2484a4e370b357f1ff4db42e3562d49689fd8f252a12
Static task: static1

Behavioral task: behavioral1
Sample: na.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: na.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted:
  Family: remcos
  Version: 2.5.1 Pro
  .NET
  C2: noapology.myq-see.com:5149

Configuration:
  audio_folder: MicRecords
  audio_path: %AppData%
  audio_record_time: 5
  connect_delay: 0
  connect_interval: 1
  copy_file: remcos.exe
  copy_folder: vlc
  delete_file: false
  hide_file: false
  hide_keylog_file: false
  install_flag: true
  install_path: %AppData%
  keylog_crypt: true
  keylog_file: logs.dat
  keylog_flag: false
  keylog_folder: app
  keylog_path: %AppData%
  mouse_option: false
  mutex: remoteaccess-ERAX9A
  screenshot_crypt: false
  screenshot_flag: false
  screenshot_folder: Screenshots
  screenshot_path: %AppData%
  screenshot_time: 10
  startup_value: remoteaccess
  take_screenshot_option: false
  take_screenshot_time: 5
  take_screenshot_title: wikipedia;solitaire;
Targets
Target: na.exe
Size: 343KB
MD5: 9125179a330454ca85b14de64a89faa6
SHA1: 1965ecfcd7181d6936565ab1f73ec594ed4c71a2
SHA256: 52360edd07bcd18738ccc44906897ece6c659883978d6ed61bd1e73dca205bd4
SHA512: 6054701500d7247be4d365be2a8501ff4fc24c5b523e002a8aefec7e01f8434bc62fc59aaabce9e4438cf8dfc623531c988b255a087355b8e7b4e2bfe4361890
Score: 10/10

Signatures:
  Executes dropped EXE
  Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
  Loads dropped DLL
  Obfuscated with Agile.Net obfuscator: Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control-flow obfuscation.
  Adds Run key to start application
  Suspicious use of SetThreadContext