General
-
Target
72333871ff2e5b9a7ae7e7c11af0c2ccbac7ac53bb60976cf0bcdfabceb5059f.zip
-
Size
923KB
-
Sample
221114-lq8nkage87
-
MD5
c0461377cf405979ad6d67cd04642b24
-
SHA1
cac7d65b32159c7ee656a5cc6991e5f88ed84f9f
-
SHA256
0c24c80e64bd24dd99d37c0ab1d21531587f8673cbc11ef998bab1614db2480b
-
SHA512
9cfc0f8831190a14a68e28614a24ec76660cc2b3a7eee1cdf6eb5bc5364becc91d7fc81c503db40c93eab2c68ab9ff4917a783dab92658ee3bc3a583bbcfc2e6
-
SSDEEP
24576:LmVOI9LXin40W9j20wWaHTx3UCrrDo5rDR7ZRcYBp:SVOI4l0GHl3UI6B9RcYf
Static task
static1
Behavioral task
behavioral1
Sample
72333871ff2e5b9a7ae7e7c11af0c2ccbac7ac53bb60976cf0bcdfabceb5059f.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
72333871ff2e5b9a7ae7e7c11af0c2ccbac7ac53bb60976cf0bcdfabceb5059f.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
remcos
NEW REM STUB
valvesco.duckdns.org:5050
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-48V73L
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
Remcos
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
72333871ff2e5b9a7ae7e7c11af0c2ccbac7ac53bb60976cf0bcdfabceb5059f.exe
-
Size
987KB
-
MD5
a5aa2eac542632dddedfa716b670488f
-
SHA1
9bcb4986eedb690af9ff49b559da536bdaa43aff
-
SHA256
72333871ff2e5b9a7ae7e7c11af0c2ccbac7ac53bb60976cf0bcdfabceb5059f
-
SHA512
4274fd5027c7fad9434590e69ff7959057b5d4922c66be14ebd1281b1348c425f1e3481ba9ec7cb628849b31b4b4bda7ad03a777caece0d819eba2917fad5cd6
-
SSDEEP
24576:SAd18wtkhGN7NtazF50rOHXr9NBO7SiAH2o4sMmFMc3io3F93:JHtkhGntDyXr5O23WoucSoV9
Score10/10-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Accesses Microsoft Outlook accounts
-
Suspicious use of SetThreadContext
-