General
Target: 262F89154949A9F8D41B8FDB4DE1013F897E60AB83225F8F35783BEE6A1D6557
Size: 888KB
Sample: 221115-t9nfqseg77
MD5: f8430b32c4c0f837a21c81768df478dd
SHA1: 48254b36f8507f1233779d9095eab1abbff6eaa6
SHA256: 262f89154949a9f8d41b8fdb4de1013f897e60ab83225f8f35783bee6a1d6557
SHA512: 25627d07193ecba40553e7ff07d131efc73af7eecec260a76de0af26c5bdddc934490887795945aadf78385d81758acab841ab6569bb652494b1a9041143b951
SSDEEP: 12288:jd8qzJYIdqw2RKxMd6AJWws9+xLhxEWzPRWA2y70:B8qNYIJ2QK6AkwsMHzPQA2x
Static task: static1
Behavioral task: behavioral1
Sample: travel itinerary.exe
Resource: win7-20221111-en
Malware Config
Extracted
remcos
manup
91.193.75.188:60005
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Rmc-Y6KFVO
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
startup_value: Remcos
take_screenshot_option: false
take_screenshot_time: 5
Targets
Target: travel itinerary.exe
Size: 380.0MB
MD5: 184ae205be9e6fb8e0f1983b60a380e9
SHA1: 468f1122eb96501c0378ed8f68e640e292aa066b
SHA256: 43cd9c2e9581da86628691ce210a40d64bb35ee6d7d33f0315d56c6208017781
SHA512: 7069ed4602d2d5dec8defa91bd5682f33e26b39452641ec3b594a00039551cc5b4e3cdb16821faa9e42aacd9b7941a333af3e87b9c8e90d4f15a0bee936a52e1
SSDEEP: 12288:e5UGXhYEdgwIRIxudakJOws9IxdDdaWzHRkmM4:/GxYEfIqMakIwsYhzHCmM4
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Accesses Microsoft Outlook accounts
- Suspicious use of SetThreadContext