General
- Target: FRT-2022-DDSP00001-B(01).exe
- Size: 1023KB
- Sample: 220926-jwj62sbbdn
- MD5: 57f76540f090fe4e9e5141317a8136e1
- SHA1: cc8c7a739fb0a26e6d0e55f5107fc76ea3345a10
- SHA256: 383f6ffeb727943af4e96cc93ab2615b14fd8b09c7e376aebc455ef82913f07f
- SHA512: 5a07fe45b8c58aa3148d4e0559992f596fa24d95b53fc2a9bc56130231b9c1af18cefb67181ce6f93281fdc87fe974110a3204ea7b030866c63f5436b90fc78b
- SSDEEP: 12288:x/yEifpu0utgokp/WWd/HRmwQkuL5v6YNHC/AAyRp3LBBTgqKmdUsF:ByEihvuFBWhswnuLXM/AAUpsq4sF
Static task
- static1

Behavioral task
- behavioral1
  - Sample: FRT-2022-DDSP00001-B(01).exe
  - Resource: win7-20220812-en

Behavioral task
- behavioral2
  - Sample: FRT-2022-DDSP00001-B(01).exe
  - Resource: win10v2004-20220812-en
Malware Config
Extracted family: remcos
- Botnet: NEW REM STUB
- C2: valvesco.duckdns.org:5050
- audio_folder: MicRecords
- audio_record_time: 5
- connect_delay: 0
- connect_interval: 1
- copy_file: remcos.exe
- copy_folder: Remcos
- delete_file: false
- hide_file: false
- hide_keylog_file: false
- install_flag: false
- keylog_crypt: false
- keylog_file: logs.dat
- keylog_flag: false
- keylog_folder: remcos
- mouse_option: false
- mutex: Rmc-48V73L
- screenshot_crypt: false
- screenshot_flag: false
- screenshot_folder: Screenshots
- screenshot_path: %AppData%
- screenshot_time: 10
- startup_value: Remcos
- take_screenshot_option: false
- take_screenshot_time: 5
Targets
- Target: FRT-2022-DDSP00001-B(01).exe
- Size: 1023KB
- MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General above
Score: 10/10

Signatures
- NirSoft MailPassView: password recovery tool for various email clients
- NirSoft WebBrowserPassView: password recovery tool for various web browsers
- Nirsoft
- Accesses Microsoft Outlook accounts
- Suspicious use of SetThreadContext