General
Target: SecuriteInfo.com.Win32.RATX-gen.16241.17953.exe
Size: 1.2MB
Sample: 221012-ze9ndabeg6
MD5: 9bd6d3ec4cc2d64de59946ff5d2d952f
SHA1: 4327389ebe464a79552a839d54b13e04a9550d13
SHA256: d4efc7df4617d7aa2c8d0c1fb399706c3ca1820d84ddd51d7b59df21141aa773
SHA512: 1cc28a8fceb17cb71bad6705b512ba66fc1e20753fc353cd3b1b796bf942afe64fb9f30fd8fb11a53b462175323e60566a9f95c508ac542f6eb13525f0b67c77
SSDEEP: 24576:6wFCPZ6icEvJncCN2tDwpikvLe+s0drvuCeteGv:6wFCPZxPGnkK+sYG3
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Win32.RATX-gen.16241.17953.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: SecuriteInfo.com.Win32.RATX-gen.16241.17953.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted: remcos
XP: xpremcuz300622.ddns.net:3542
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: oos.exe
delete_file: false
hide_file: true
hide_keylog_file: false
install_flag: true
install_path: %AppData%
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Remcos-MMP2I7
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
startup_value: kkl
take_screenshot_option: false
take_screenshot_time: 5
Targets
Target: SecuriteInfo.com.Win32.RATX-gen.16241.17953.exe
Size: 1.2MB
MD5: 9bd6d3ec4cc2d64de59946ff5d2d952f
SHA1: 4327389ebe464a79552a839d54b13e04a9550d13
SHA256: d4efc7df4617d7aa2c8d0c1fb399706c3ca1820d84ddd51d7b59df21141aa773
SHA512: 1cc28a8fceb17cb71bad6705b512ba66fc1e20753fc353cd3b1b796bf942afe64fb9f30fd8fb11a53b462175323e60566a9f95c508ac542f6eb13525f0b67c77
SSDEEP: 24576:6wFCPZ6icEvJncCN2tDwpikvLe+s0drvuCeteGv:6wFCPZxPGnkK+sYG3
Score: 10/10
Signatures:
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext