General

Target: 21f6a18eab7f51f18819cbf97f353e32e2a2f11de7c0b8c8523eb7c90ea36b8b
Size: 774KB
Sample: 221206-nyp8asee57
MD5: 2479c3d14c7d3127b996787da9222db4
SHA1: 46a343df094095b8edfcf85f7f5604c9b5619feb
SHA256: 21f6a18eab7f51f18819cbf97f353e32e2a2f11de7c0b8c8523eb7c90ea36b8b
SHA512: f118b9e83452722f8c0ae14b6c6622b3eaf4605a0fd927f26c744ed8c30c52aae210c246f3ab3ca3574e49767e65c55485d300916faeaed5aef88d0f17bc0642
SSDEEP: 24576:WloNG3Dp09hOX3Mq3jaXhMsFjCshXMQJvTEzNksiD1:WV3DW9hWcqT8Xh8EbG
Static task: static1

Behavioral task: behavioral1
Sample: 21f6a18eab7f51f18819cbf97f353e32e2a2f11de7c0b8c8523eb7c90ea36b8b.exe
Resource: win7-20221111-en

Behavioral task: behavioral2
Sample: 21f6a18eab7f51f18819cbf97f353e32e2a2f11de7c0b8c8523eb7c90ea36b8b.exe
Resource: win10v2004-20221111-en
Malware Config

Extracted family: remcos
Botnet: sunshine
C2: sunshine08.ddns.net:5687

audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Rmc-BQS99W
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
startup_value: Remcos
take_screenshot_option: false
take_screenshot_time: 5
Targets

Target: 21f6a18eab7f51f18819cbf97f353e32e2a2f11de7c0b8c8523eb7c90ea36b8b
Size: 774KB
MD5: 2479c3d14c7d3127b996787da9222db4
SHA1: 46a343df094095b8edfcf85f7f5604c9b5619feb
SHA256: 21f6a18eab7f51f18819cbf97f353e32e2a2f11de7c0b8c8523eb7c90ea36b8b
SHA512: f118b9e83452722f8c0ae14b6c6622b3eaf4605a0fd927f26c744ed8c30c52aae210c246f3ab3ca3574e49767e65c55485d300916faeaed5aef88d0f17bc0642
SSDEEP: 24576:WloNG3Dp09hOX3Mq3jaXhMsFjCshXMQJvTEzNksiD1:WV3DW9hWcqT8Xh8EbG
Score: 10/10

Signatures:
Adds Run key to start application
Suspicious use of SetThreadContext