General
-
Target
9920E53084316EB1FE823DD747DEDF76A8ABEB37E07D491A76C3E546F0CC865B
-
Size
858KB
-
Sample
221123-r2dkfsda9s
-
MD5
5e984690c65c1d6a8c205c467c9edbb8
-
SHA1
1c38d41e218b7ffcab06e46dadcd9d2efbf380b7
-
SHA256
9920e53084316eb1fe823dd747dedf76a8abeb37e07d491a76c3e546f0cc865b
-
SHA512
226b5c651c6d6f81897556e7e0bbd2677c19a244c95b514234b198dbac2402f6a24ad9daaa88b62fbafbb3654e9d55fa2ae91fd50fac5e711a9d372a50dafcec
-
SSDEEP
12288:pt/AKBPWjxrJvGwJSUOIbQA52p9fieXuEATeZyIQFbzcU/:/bOBdGMSI/wlhuE8doC
Static task
static1
Behavioral task
behavioral1
Sample
swiftcopy.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
swiftcopy.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
remcos
worldclass
91.193.75.188:60005
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
worldclass.exe
-
copy_folder
worldclass
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
true
-
install_path
%AppData%
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-BY6BKA
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
worldclass
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
swiftcopy.exe
-
Size
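390.0MB (the submitted sample listed under General is 858KB, so this executable is presumably padded and highly compressible; size-capped scanners may skip a file this large)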
-
MD5
f101b3158db2bdfbbeb97867f6b3dd91
-
SHA1
a726050dab999854ae32feffd9fe0e75796cec64
-
SHA256
900f05edc300fae13b416e42a9368acf5a3956895b7c7812d209b8c56bff08ea
-
SHA512
b1ae04125e3531a636fd7347cd22df2ca06d4d4ff42951c0b1d59923fe78034bcf5a7ec81fbbd891c454835202103ac751f617ec811eba07b9f39bb605a56779
-
SSDEEP
12288:PKBzbrJriwnMyQlh/b9bIhjv9qXvHvHXJKSV:P+75iwMrdbKhz0/Hv/
Score
10/10
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-