General
Target: 377992d8853161f9ea2d23e0bcebcc069e97ac9c0f498b8459a24ecc4c4c937f
Size: 970KB
Sample: 221124-xhm8face89
MD5: 574886754fee218e6e04abfd57608d45
SHA1: 2fb47d1f6b0fd08745707e0bffef4132f7dbc0b8
SHA256: 377992d8853161f9ea2d23e0bcebcc069e97ac9c0f498b8459a24ecc4c4c937f
SHA512: 097e5775acff67f6b4f1a18bcb0fd44a3b1eb0a6c7821757649281af7e3f15411f2110ed72a78742b1ebfbd1456f52dd0fa81158722e5f89a2333984a544a8ce
SSDEEP: 24576:UAgh/PJv46D6VAwhgPlSDOznsDF3brtY:Ujh/lD6AMgdymnKFXC
Static task: static1
Malware Config
Extracted: remcos
BALLER
91.192.100.48:1979
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Rmc-2RPM8Z
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
startup_value: Remcos
take_screenshot_option: false
take_screenshot_time: 5
Targets
Target: 377992d8853161f9ea2d23e0bcebcc069e97ac9c0f498b8459a24ecc4c4c937f
Suspicious use of SetThreadContext