General
Target: SOA FROM UNIBEST--MAY-JUN-JUL- 2022.exe
Size: 219KB
Sample: 220809-k5p94afhhl
MD5: 70b97952feb29f9a3fa913f78dd56416
SHA1: 323c84431a669ad0bf6038bd22b7413198f7f434
SHA256: 36dd1628bc3935506e2aec81868813136f6b1c0ee52abae8cf9a7b5389f4f33c
SHA512: d219b54f08d81c3e58607c2d60c69fc061c43bb5b5431df436006700c214deaf542ab0cf078fa8a5e1b37133c4be0444926e0df61009f5cc1f19551694a382b5
Static task
static1

Behavioral task
behavioral1
Sample: SOA FROM UNIBEST--MAY-JUN-JUL- 2022.exe
Resource: win7-20220718-en

Behavioral task
behavioral2
Sample: SOA FROM UNIBEST--MAY-JUN-JUL- 2022.exe
Resource: win10v2004-20220721-en
Malware Config
Extracted: remcos
RemoteHost: 172.94.88.13:5888
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Rmc-3VUS2W
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
startup_value: Remcos
take_screenshot_option: false
take_screenshot_time: 5
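The extracted configuration above is the most useful part of the report for a hunt: it names the C2 endpoint, the mutex, the copy/startup names and the log and screenshot locations. The Python below is an added example, not part of the sandbox report or of Remcos itself. It parses the key/value dump in the alternating-line form shown above into typed fields (rejecting malformed booleans and out-of-range ports), derives the host and network artifacts an analyst would sweep for, and emits a YARA rule over the config strings for scanning unpacked memory or process dumps. Everything not present in the report is an assumption: the `%AppData%\<copy_folder>\<copy_file>` and `%AppData%\<keylog_folder>\<keylog_file>` layouts, the HKCU Run key as the location of `startup_value`, `|` as a multi-host separator in `RemoteHost`, and the rule name.

```python
"""Added example: Remcos config dump -> typed fields -> hunting artifacts.
Not code from the sandbox report or from Remcos. Path layouts under
%AppData%, the Run-key location and the '|' host separator are assumptions."""
from __future__ import annotations

import json
import re
from typing import Any

# Constructed sample: the config exactly as listed in the report, written as
# "key value" pairs and re-joined so every token sits on its own line (the
# same alternating key/value layout the report uses).
CONFIG_TEXT = "\n".join("""
RemoteHost 172.94.88.13:5888
audio_folder MicRecords
audio_record_time 5
connect_delay 0
connect_interval 1
copy_file remcos.exe
copy_folder Remcos
delete_file false
hide_file false
hide_keylog_file false
install_flag false
keylog_crypt false
keylog_file logs.dat
keylog_flag false
keylog_folder remcos
mouse_option false
mutex Rmc-3VUS2W
screenshot_crypt false
screenshot_flag false
screenshot_folder Screenshots
screenshot_path %AppData%
screenshot_time 10
startup_value Remcos
take_screenshot_option false
take_screenshot_time 5
""".split())

BOOL_KEYS = {"delete_file", "hide_file", "hide_keylog_file", "install_flag",
             "keylog_crypt", "keylog_flag", "mouse_option", "screenshot_crypt",
             "screenshot_flag", "take_screenshot_option"}
INT_KEYS = {"audio_record_time", "connect_delay", "connect_interval",
            "screenshot_time", "take_screenshot_time"}
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"  # assumption


def parse_config(text: str) -> dict[str, Any]:
    """Parse alternating key/value lines; bare '-' separator lines are ignored."""
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and ln != "-"]
    if len(lines) % 2:
        raise ValueError("odd number of lines: a key is missing its value")
    cfg: dict[str, Any] = {}
    for key, raw in zip(lines[0::2], lines[1::2]):
        if key in BOOL_KEYS:
            if raw.lower() not in ("true", "false"):
                raise ValueError(f"{key}: expected true/false, got {raw!r}")
            cfg[key] = raw.lower() == "true"
        elif key in INT_KEYS:
            cfg[key] = int(raw)
        else:
            cfg[key] = raw
    return cfg


def parse_remote_hosts(value: str) -> list[tuple[str, int]]:
    """Split RemoteHost into (host, port) pairs. '|' as separator is an assumption."""
    hosts = []
    for entry in value.split("|"):
        m = re.fullmatch(r"([^:\s]+):(\d{1,5})", entry.strip())
        if not m or not 1 <= int(m.group(2)) <= 65535:
            raise ValueError(f"bad RemoteHost entry: {entry!r}")
        hosts.append((m.group(1), int(m.group(2))))
    return hosts


def derive_artifacts(cfg: dict[str, Any]) -> dict[str, Any]:
    """Host/network indicators to sweep for. Layout under %AppData% is assumed."""
    appdata = "%AppData%"
    flags = ("install_flag", "keylog_flag", "screenshot_flag",
             "mouse_option", "take_screenshot_option")
    return {
        "c2": parse_remote_hosts(cfg["RemoteHost"]),
        "mutex": cfg["mutex"],
        "install_path": f"{appdata}\\{cfg['copy_folder']}\\{cfg['copy_file']}",
        "run_key": RUN_KEY,
        "run_value": cfg["startup_value"],
        "keylog_path": f"{appdata}\\{cfg['keylog_folder']}\\{cfg['keylog_file']}",
        "screenshot_dir": f"{cfg['screenshot_path']}\\{cfg['screenshot_folder']}",
        "enabled_features": sorted(k for k in flags if cfg.get(k)),
    }


def yara_rule(cfg: dict[str, Any], name: str) -> str:
    """YARA rule over config strings, for unpacked memory or dumps (not the packed file)."""
    def esc(s: str) -> str:
        return s.replace("\\", "\\\\").replace('"', '\\"')
    strings = {"c2": cfg["RemoteHost"], "mutex": cfg["mutex"], "copy": cfg["copy_file"]}
    body = "\n".join(f'        ${k} = "{esc(v)}" wide ascii' for k, v in strings.items())
    return (f"rule {name}\n{{\n    strings:\n{body}\n"
            "    condition:\n        $mutex or ($c2 and $copy)\n}\n")


if __name__ == "__main__":
    config = parse_config(CONFIG_TEXT)
    print(json.dumps(derive_artifacts(config), indent=2))
    print(yara_rule(config, "remcos_cfg_220809_k5p94afhhl"))  # rule name is an assumption
```

Two caveats when using the output. First, `install_flag`, `keylog_flag` and `screenshot_flag` are all `false` in this config, so the keylog and screenshot paths may never be written to disk; the mutex and the C2 endpoint are the indicators that do not depend on those flags. Second, the report's behavioral section records "Adds Run key to start application" even though `install_flag` is `false`, so the persistence observed may not come from the Remcos core's own install routine; treat the derived `run_value` as one candidate value name to look for rather than a confirmed one, and sweep the Run key for any value pointing at the derived install path as well.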
Targets
Target: SOA FROM UNIBEST--MAY-JUN-JUL- 2022.exe
Size: 219KB
Score: 10/10

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check (the payload can refuse to run in selected locales).

Adds Run key to start application
Persistence through a registry Run key, so the binary is relaunched at user logon.

Suspicious use of SetThreadContext
SetThreadContext rewrites the register state of a thread in another process; outside a debugger this is typically the step that redirects execution into injected or hollowed-process code.