General
Target: 279a5520e7a1f0e9cd54f730f98bf529eb303651d556816ecec42e4144509d60.zip
Size: 419KB
Sample: 221114-lq5xnsge75
MD5: 0ab6c465567321577d3724a9fa1fe6d1
SHA1: 7c55c0a3618b2f06f85ba08f5010a0bb1b55b350
SHA256: 350e526cd6244181cc01ae49f9e1195f8c5e8133184e6f6510bce597a092f7a1
SHA512: 1242e0538c4e600ff58ee8edc714f47397a37d1f6e5906d362dc9f655fb6864f9b0e7b709796cd655eeb9aedafdca62b48d64a0bd3d620d970b1815c61b4a141
SSDEEP: 12288:gUdVD3msLOEwWow+K/M0mAXWUN8A6vrPyE/lVjzL:BLDMEwHw+uXWeRAuEvjzL
Static task: static1
Behavioral task: behavioral1
  Sample: 279a5520e7a1f0e9cd54f730f98bf529eb303651d556816ecec42e4144509d60.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 279a5520e7a1f0e9cd54f730f98bf529eb303651d556816ecec42e4144509d60.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted
Family: remcos
Botnet: NEW REM STUB
C2: valvesco.duckdns.org:5050
Attributes:
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Rmc-48V73L
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
startup_value: Remcos
take_screenshot_option: false
take_screenshot_time: 5
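Added example (not code from the sandbox report, its vendor, or Remcos): a parser for the flattened label/value layout in which such reports are often exported (key on one line, value on the next, rows separated by "-"), applied to an excerpt of the configuration above, plus a function that turns the parsed fields into indicators a responder can hunt for. The excerpt is constructed from the values shown on this page. The reading that copy_file, copy_folder and startup_value only materialise when install_flag is true is an assumption and is flagged as such in the code; the install root directory is not part of this config, so only the relative drop path is reported.

```python
"""Parse flattened Remcos config text and derive hunt indicators.
Added example; not code from the sandbox vendor or from Remcos."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed excerpt of the report's config block, in the flattened
# layout: header lines, then "-"-separated key/value pairs.
CONFIG_EXCERPT = """\
Extracted
remcos
NEW REM STUB
valvesco.duckdns.org:5050
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
install_flag
false
-
mutex
Rmc-48V73L
-
startup_value
Remcos
"""

C2_RE = re.compile(r"^(?P<host>[A-Za-z0-9.-]+):(?P<port>\d{1,5})$")


@dataclass
class RemcosConfig:
    family: str
    botnet: str
    c2: list[tuple[str, int]]
    attrs: dict[str, bool | int | str] = field(default_factory=dict)


def _coerce(raw: str) -> bool | int | str:
    """Report values arrive as strings; give flags and counters real types."""
    if raw.lower() in ("true", "false"):
        return raw.lower() == "true"
    return int(raw) if raw.isdigit() else raw


def parse_flat_config(text: str) -> RemcosConfig:
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if lines and lines[0] == "Extracted":
        lines.pop(0)
    if len(lines) < 3:
        raise ValueError("config header (family, botnet, C2) missing")
    family, botnet = lines[0], lines[1]
    c2: list[tuple[str, int]] = []
    i = 2
    while i < len(lines) and lines[i] != "-":  # one or more host:port lines
        m = C2_RE.match(lines[i])
        if not m:
            raise ValueError(f"unexpected C2 line: {lines[i]!r}")
        c2.append((m["host"], int(m["port"])))
        i += 1
    attrs: dict[str, bool | int | str] = {}
    group: list[str] = []
    for ln in lines[i:] + ["-"]:  # trailing "-" flushes the final pair
        if ln != "-":
            group.append(ln)
            continue
        if group:
            if len(group) != 2:
                raise ValueError(f"malformed attribute group: {group}")
            attrs[group[0]] = _coerce(group[1])
            group = []
    return RemcosConfig(family, botnet, c2, attrs)


def _join(attrs: dict[str, bool | int | str], *keys: str) -> str | None:
    """Windows-style relative path from several attributes, or None if any is absent."""
    if not all(k in attrs for k in keys):
        return None
    return "\\".join(str(attrs[k]) for k in keys)


def derive_iocs(cfg: RemcosConfig) -> dict[str, object]:
    """Turn config fields into values a responder can search for."""
    a = cfg.attrs
    # Assumption: the dropped file and the startup value only appear on a
    # host when install_flag is true. With install_flag false they are
    # conditional indicators; the install root is not in this config.
    return {
        "c2": [f"{h}:{p}" for h, p in cfg.c2],
        "mutex": a.get("mutex"),
        "dropped_file": _join(a, "copy_folder", "copy_file"),
        "run_value_name": a.get("startup_value"),
        "persistence_enabled": a.get("install_flag") is True,
    }


if __name__ == "__main__":
    for k, v in derive_iocs(parse_flat_config(CONFIG_EXCERPT)).items():
        print(f"{k}: {v}")
```

Running the module prints the derived indicators for the excerpt. One caveat when turning the C2 entry into a block rule: valvesco.duckdns.org is a dynamic-DNS name, so the IP it resolves to during detonation is not a stable indicator; match on the hostname and the port, not the address.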
Targets
Target: 279a5520e7a1f0e9cd54f730f98bf529eb303651d556816ecec42e4144509d60.exe
Size: 1.4MB
MD5: ea2e3b149dd6de773ed15ad7d0333588
SHA1: 2d29d0e21f65e44e2c3d4b494732534fe08bd47d
SHA256: 279a5520e7a1f0e9cd54f730f98bf529eb303651d556816ecec42e4144509d60
SHA512: af50f958bb4adba8549a3477e93470931e6a8ad0f502a92d8716e2b7c84baef38f8a5c3d47338e93fe0d3278bce315d5819926697c819f361cc212671029af73
SSDEEP: 6144:tVGj5lTE4UU/A0ci44pPambmNO79Q/qENFr9peTeNha9Z8cjHdF+WiTM:mBTNQdTM
Score: 10/10
Signatures:
Suspicious use of NtCreateUserProcessOtherParentProcess
Suspicious use of SetThreadContext