General
  Target: attack.ps1.ps1
  Size: 4KB
  Sample: 221005-j26bgadhfq
  MD5: 176f540c8e71f960c63b239859ec05d2
  SHA1: c517eed5e7a5609f90933840094e78db12a4c68f
  SHA256: 9986a5a295dcbcf5ca4b5c70f8f7a160316d20c7073956ad4ac636506b14bf18
  SHA512: 726d248fd0f86487fe4b392b79ef0b7ef636cd9442d2bd8cebafb68520076153f07e4bb4318e155f1df36458dec570769af4f3817ecec8428d381e3753285cb4
  SSDEEP: 96:w8vjRjNL3nxnBHbHXdb/p3FPPtLfhTbbfLThzZZTXP7CKx:w8vjRjNL3nxnBHbHXdb/p3FPPtLfhTbh
Tasks
  Static task: static1
  Behavioral task: behavioral1
  Sample: attack.ps1
  Resource: win7-20220901-en
Malware Config
  Extracted: remcos
  tampabay
  zelthin.dvrlists.com:6268
  audio_folder: MicRecords
  audio_record_time: 5
  connect_delay: 0
  connect_interval: 1
  copy_file: remcos.exe
  copy_folder: Remcos
  delete_file: false
  hide_file: false
  hide_keylog_file: false
  install_flag: false
  keylog_crypt: false
  keylog_file: logs.dat
  keylog_flag: false
  keylog_folder: remcos
  mouse_option: false
  mutex: Rmc-MOJ319
  screenshot_crypt: false
  screenshot_flag: false
  screenshot_folder: Screenshots
  screenshot_path: %AppData%
  screenshot_time: 10
  startup_value: Remcos
  take_screenshot_option: false
  take_screenshot_time: 5
Targets
  Target: attack.ps1.ps1
  Size: 4KB
  MD5: 176f540c8e71f960c63b239859ec05d2
  SHA1: c517eed5e7a5609f90933840094e78db12a4c68f
  SHA256: 9986a5a295dcbcf5ca4b5c70f8f7a160316d20c7073956ad4ac636506b14bf18
  SHA512: 726d248fd0f86487fe4b392b79ef0b7ef636cd9442d2bd8cebafb68520076153f07e4bb4318e155f1df36458dec570769af4f3817ecec8428d381e3753285cb4
  SSDEEP: 96:w8vjRjNL3nxnBHbHXdb/p3FPPtLfhTbbfLThzZZTXP7CKx:w8vjRjNL3nxnBHbHXdb/p3FPPtLfhTbh
  Signatures:
    - Blocklisted process makes network request
    - Loads dropped DLL
    - Drops file in System32 directory
    - Suspicious use of SetThreadContext