General
-
Target
Remcos Professional Cracked By Alcatraz3222.zip
-
Size
17.3MB
-
Sample
220828-tyedpachc8
-
MD5
ea3fd7407073aae0205a02f10c1f826f
-
SHA1
aeb5a674da5bbdea4e1b42470e6e059b730b88a6
-
SHA256
bdb96b7a1a75fa4f56d1b1f922d80f029c12df21df49cbbfd1f2a3175d604195
-
SHA512
bf69f80a585eed54b599cb5adf285ca0576650b275daef6e502eae2d564906950cb4a13821b67325bc1c2ba0ca6436401f562c279cc42d3590e0f8becfec028f
-
SSDEEP
393216:2+Y8LpIcxbEWd4rSrwcJY2sG1l/TTwizV1iBLzCoa+++OvPrTy:/yMwWqrXc+G1l7TwiRI9z8++TTy
Static task
static1
Malware Config
Extracted
njrat
0.7d
HacKed
dllsys.duckdns.org:3202
3b570ffeeb3d34249b9a5ce0ee58a328
-
reg_key
3b570ffeeb3d34249b9a5ce0ee58a328
-
splitter
svchost
Targets
-
-
Target
Remcos Professional Cracked By Alcatraz3222/Remcos Professional Cracked By Alcatraz3222.exe
-
Size
17.7MB
-
MD5
efc159c7cf75545997f8c6af52d3e802
-
SHA1
b85bd368c91a13db1c5de2326deb25ad666c24c1
-
SHA256
898ac001d0f6c52c1001c640d9860287fdf30a648d580e9f5dd15e2ef84ab18e
-
SHA512
d06a432233dceb731defd53238971699fef201d0f9144ee50e5dd7d6620dfdd6c298d52618bf2c9feb0519574f4565fb0177b00fd8292768fbd8b85dd11e650d
-
SSDEEP
393216:GYuGvp8EHb+in8f4Zg41+Q4AXf5ZZcyfHDMxVpSc+q+eOFxdx:3mqSi8fN4sAXfrZcyfo7p0eYHx
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-