General
- Target: efd4213633c65b490245864feb69279cbdb09add9b70e22e18c183bb0f477cc1
- Size: 864KB
- Sample: 221017-djwresaee7
- MD5: 603b68f2852bb9a2020347b6117591d6
- SHA1: f02104ecb7ff20f226aa4959bd0300287ef9695c
- SHA256: 093d5cf870867a18a04b1ff17a71b398f38663446ef9cda68e34120b28d46f43
- SHA512: 2a0317c2a652a1fc5adc0f9261cb9155d8354c0ae7895015b01546dff901895b3c590c829402b37fad18322aa0cc88f46d81249f264bf3335b6a5f577d84a930
- SSDEEP: 24576:n39RL4+mBmlPDeBXqLKj6uy4PeZ4UmWDyA:3b42PDeBWLIeZ45WH
Static task
- static1
Behavioral task
- behavioral1
- Sample: efd4213633c65b490245864feb69279cbdb09add9b70e22e18c183bb0f477cc1.exe
- Resource: win7-20220901-en
Malware Config
Extracted
- remcos
- 220928
- minecraftrpgserver.com:80
- audio_folder: MicRecords
- audio_record_time: 5
- connect_delay: 0
- connect_interval: 1
- copy_file: software_reporter_tool.exe
- copy_folder: Google
- delete_file: true
- hide_file: false
- hide_keylog_file: false
- install_flag: false
- keylog_crypt: true
- keylog_file: adbkey.dat
- keylog_flag: false
- keylog_path: %Temp%
- mouse_option: false
- mutex: 9416a517bdcd8521-8QM7X6
- screenshot_crypt: true
- screenshot_flag: true
- screenshot_folder: Google
- screenshot_path: %Temp%
- screenshot_time: 60
- startup_value: Google
- take_screenshot_option: false
- take_screenshot_time: 5
Targets
- Target: efd4213633c65b490245864feb69279cbdb09add9b70e22e18c183bb0f477cc1
- Size: 2.2MB
- MD5: 5051c71e2b1b319a14474b47876403e4
- SHA1: 3684e802d6831d76da44d53cef16939916976b94
- SHA256: efd4213633c65b490245864feb69279cbdb09add9b70e22e18c183bb0f477cc1
- SHA512: 8aaaa2ed847f452972d36854925e6043fba389f8a8852aad02c10e67d6fc2b0baac5548b48762d522cac4d8980a98170097281fc175f06ff2387c5fdb13b3636
- SSDEEP: 24576:WN9ewmMdH+HY530osWnYQb6VOKs4zm2evT:I

- Suspicious use of NtCreateUserProcessOtherParentProcess
- XMRig Miner payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext