General
- Target: 2886F0E76820AE13982438C457F4A59038C2538BC710F7766371278861476FD9
- Size: 1.2MB
- Sample: 221123-r2kc1adb2v
- MD5: d742d7a181bda447849930f8c40dfb82
- SHA1: 9f01a1e9801a894aa07e435937738837e357031c
- SHA256: 2886f0e76820ae13982438c457f4a59038c2538bc710f7766371278861476fd9
- SHA512: 75ef655d994b5b7530d4196d2d16bc3ff98224e4195c660c69be4f53b67e884e6ae6372e73b7095b2744c5d3cd7faf8226f274c95d3449961c15ff4ea4c648ba
- SSDEEP: 12288:68Kk0rvkBJ4VfnfzTuL8qNSc0eXH4x5mpeB/jX:6vXowVfbTiHwFeXYx4oD

Tasks
- Static task: static1
- Behavioral task: behavioral1 (sample: PRINT_LE.exe, resource: win7-20221111-en)
- Behavioral task: behavioral2 (sample: PRINT_LE.exe, resource: win10v2004-20220812-en)

Malware Config
Extracted: remcos
- Xp_no startup
- xpremcuz300622.ddns.net:3542
- audio_folder: MicRecords
- audio_path: %AppData%
- audio_record_time: 5
- connect_delay: 0
- connect_interval: 1
- copy_file: remcos.exe
- copy_folder: Remcos
- delete_file: false
- hide_file: false
- hide_keylog_file: false
- install_flag: false
- install_path: %AppData%
- keylog_crypt: false
- keylog_file: logs.dat
- keylog_flag: false
- keylog_path: %AppData%
- mouse_option: false
- mutex: Remcos-419DY7
- screenshot_crypt: false
- screenshot_flag: false
- screenshot_folder: Screenshots
- screenshot_path: %AppData%
- screenshot_time: 10
- startup_value: Remcos
- take_screenshot_option: false
- take_screenshot_time: 5

Targets
- Target: PRINT_LE.EXE
- Size: 557KB
- MD5: 8ba027e61920545c8b29c9c16e494b2f
- SHA1: ca9cd55224dec90f68981e1b7fc2e5fd07b2d9cd
- SHA256: 4f3ac2facaae4e74a303e1c92b36c87372397fa19f93d3025cc6fa5c027a7b29
- SHA512: c89886988feb692d6b6ff6a439490732e3e4d8aee3c3fc86514ac6a39874ccc50f8946f98c27158bae699f7d3912ac806ba9fbb0b5070bc48203771d5cea0b3d
- SSDEEP: 12288:O8Kk0rvkBJ4VfnfzTuL8qNSc0eXH4x5mpeB/jX7:OvXowVfbTiHwFeXYx4oD7

Score: 10/10
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext