General
Target: 57d3a8bdcd7094d0bde14dad0513a0a5dd7b7a9f76db16e70a3e344600341d6a
Size: 732KB
Sample: 221128-fd62babe81
MD5: 30cf35e41e6b7382dd05f7eda8f345ef
SHA1: 19051c3829919583cf583c145480ea87fd391da3
SHA256: 57d3a8bdcd7094d0bde14dad0513a0a5dd7b7a9f76db16e70a3e344600341d6a
SHA512: 6622609112680c1a99051073c6269faed31b3dfeb7a480bee68e91c7e49bb804d27a3a813f253f72885ef33c4c61a76f34d1bd9f6c767e8a3d78b346d6d6d2ab
SSDEEP: 12288:dQum8DtaX2OefrYzFl5RQIoYjiLo4mBlekeFdjJaVNLmcVzRa/qiDHsOexH:dX6acJlvnGPcl+njJafmcVRaHs9H
Static task: static1
Behavioral task: behavioral1
Sample: 57d3a8bdcd7094d0bde14dad0513a0a5dd7b7a9f76db16e70a3e344600341d6a.exe
Resource: win7-20221111-en
Malware Config
Extracted: remcos
Main: 109.206.243.58:4541
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 15
connect_interval: 3
copy_file: jdk.exe
copy_folder: Java
delete_file: true
hide_file: true
hide_keylog_file: false
install_flag: false
install_path: %UserProfile%
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Main-12ZYMW
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
startup_value: Java Updater
take_screenshot_option: false
take_screenshot_time: 5
Targets
Target: 57d3a8bdcd7094d0bde14dad0513a0a5dd7b7a9f76db16e70a3e344600341d6a
Size: 732KB
MD5: 30cf35e41e6b7382dd05f7eda8f345ef
SHA1: 19051c3829919583cf583c145480ea87fd391da3
SHA256: 57d3a8bdcd7094d0bde14dad0513a0a5dd7b7a9f76db16e70a3e344600341d6a
SHA512: 6622609112680c1a99051073c6269faed31b3dfeb7a480bee68e91c7e49bb804d27a3a813f253f72885ef33c4c61a76f34d1bd9f6c767e8a3d78b346d6d6d2ab
SSDEEP: 12288:dQum8DtaX2OefrYzFl5RQIoYjiLo4mBlekeFdjJaVNLmcVzRa/qiDHsOexH:dX6acJlvnGPcl+njJafmcVRaHs9H
- Sets service image path in registry
- Adds Run key to start application
- Suspicious use of SetThreadContext