General
-
Target
SPIER.dfh.exe
-
Size
971KB
-
Sample
220526-egrv5acacq
-
MD5
093bd5d66d0c00dd8460371d8a7c6645
-
SHA1
1f4fea0428b350a4ae31b1b77248a74f039e3d22
-
SHA256
6e6e55b8b80a3232b0059f0aab756936505691e6b7472eb5ac7d364f7623c4e1
-
SHA512
11c33dffa91cbc51529002704ca61fc5bf524124cffd5f7325c376c5214012792520bf1d45666f58d868bdc9e4250c8fc4c9afab6eb079de50b746340cfd24fa
Static task
static1
Behavioral task
behavioral1
Sample
SPIER.dfh.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
SPIER.dfh.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
remcos
RemoteHost
niiarmah.kozow.com:2404
-
audio_folder
MicRecords
-
audio_path
%AppData%
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
Updates.exe
-
copy_folder
Updates
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
install_path
%AppData%
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
keylog_path
%AppData%
-
mouse_option
false
-
mutex
Updates-NESLEV
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
Updates
-
take_screenshot_option
false
-
take_screenshot_time
5
-
take_screenshot_title
Targets
-
-
Target
SPIER.dfh.exe
-
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-