General
- Target: 04a8ec81d470d779101a2a39ad5b801668cbec7f78176f89766fd966744a9c38
- Size: 186KB
- Sample: 220527-y7qkjabee3
- MD5: 07d887ce0ba2736fa8fbc5139ad74c3d
- SHA1: b818f67d4ac19b0c8fd2c167f4b48e188983a99d
- SHA256: 04a8ec81d470d779101a2a39ad5b801668cbec7f78176f89766fd966744a9c38
- SHA512: 791df0198131e32ccf3ba4e18cd8612279e41d1223238222a589ce44614aa81bf8fe6d34fb9a6dc3d7c9126753e283df2d48107ae5cbb1a51a297bbd33a26056

Static task
- static1

Behavioral task
- behavioral1
- Sample: 04a8ec81d470d779101a2a39ad5b801668cbec7f78176f89766fd966744a9c38.exe
- Resource: win7-20220414-en

Behavioral task
- behavioral2
- Sample: 04a8ec81d470d779101a2a39ad5b801668cbec7f78176f89766fd966744a9c38.exe
- Resource: win10v2004-20220414-en
Malware Config

Extracted: remcos 2.0.5 Pro
- RemoteHost: 79.172.242.28:2404
- audio_folder: audio
- audio_path: %AppData%
- audio_record_time: 5
- connect_delay: 0
- connect_interval: 5
- copy_file: xi3s.exe
- copy_folder: xi3x
- delete_file: false
- hide_file: false
- hide_keylog_file: false
- install_flag: true
- install_path: %Temp%
- keylog_crypt: false
- keylog_file: logs.dat
- keylog_flag: false
- keylog_folder: remcos
- keylog_path: %AppData%
- mouse_option: false
- mutex: Remcos-NL03Y0
- screenshot_crypt: false
- screenshot_flag: false
- screenshot_folder: Screenshots
- screenshot_path: %AppData%
- screenshot_time: 10
- startup_value: xi5w
- take_screenshot_option: false
- take_screenshot_time: 5
- take_screenshot_title
Targets
- Target: 04a8ec81d470d779101a2a39ad5b801668cbec7f78176f89766fd966744a9c38
- Size: 186KB
- MD5: 07d887ce0ba2736fa8fbc5139ad74c3d
- SHA1: b818f67d4ac19b0c8fd2c167f4b48e188983a99d
- SHA256: 04a8ec81d470d779101a2a39ad5b801668cbec7f78176f89766fd966744a9c38
- SHA512: 791df0198131e32ccf3ba4e18cd8612279e41d1223238222a589ce44614aa81bf8fe6d34fb9a6dc3d7c9126753e283df2d48107ae5cbb1a51a297bbd33a26056

Score: 10/10
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext