General
Target: FAKE SSS ID.iso
Size: 764KB
Sample: 220808-n4nlnacee9
MD5: aa560f60ea04efcbe96b3d5981ee51ee
SHA1: 0d9bc865a4f83e691b7e6401d09e1917b2245b84
SHA256: 1ac5fac8a5e4ccce9cebeb9c8acde0b4d8ad25452e8e92a64231561c2ca8bd78
SHA512: cee7f6904384f073e5f92e83834de03e2bd6be48ff8da3236d71b595fa547329d9ab0bfed622cc48f19d631165bef2b5246878f8f8a25ebddec10d70a6e71429
Static task: static1
Behavioral task: behavioral1
Sample: FAKE SSS ID.exe
Resource: win7-20220715-en
Malware Config
Extracted
remcos
3.1.5 Pro
NEWS
catomaaaaa.freedynamicdns.org:6603
audio_folder: MicRecords
audio_path: %AppData%
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
install_path: %AppData%
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
keylog_path: %AppData%
mouse_option: false
mutex: Remcos-670V4G
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
startup_value: Remcos
take_screenshot_option: false
take_screenshot_time: 5
take_screenshot_title: notepad;solitaire;
Targets
Target: FAKE SSS ID.exe
Size: 712KB
MD5: c86fd38dbe87872dbb2a51c7b950d2d1
SHA1: 14c1977cf7606d6d969a2f77e2910a9ad22b4a7d
SHA256: 277f3d0a1f23b0acf578e45f45cd1f1492a643ec766689ab5493463a1e3fc584
SHA512: d26b2d757919f95819e07017189fec3c90de571ce6b47d9aee838cd982282c662b71bb0788f972d92230761bf287982137c8067eb4441d1a8793b40776f5ec65
Executes dropped EXE
Suspicious use of SetThreadContext