General
-
Target
tmp
-
Size
19KB
-
Sample
230129-2wewfahf5s
-
MD5
17abf0697eea43427b7e0ea295a09c2f
-
SHA1
9665076d470f2c614f58f36839591347f4236668
-
SHA256
1060b71f9fd78f5d283b8295def74b2b1457fb4949815fa8442904cd75329d4a
-
SHA512
dbf7a7bbf3488300ad688260cc2aa33e0fe4ef82b2ac430b2b4d0661e20f5e7259bf456e478ab1c3cc0120a7b33acf97bbffcc6e8c74e694f1785395635a25d4
-
SSDEEP
192:FPLL2GSnvjtt6BtFIEZtltPtptUtCttttZ6fWdZAphAtttWnTC/F:9fSvW+hhnG/
Malware Config
Extracted
purecrypter
http://121.4.69.26:53712/Sjewbm.dat
Extracted
remcos
MStox
80.66.75.126:53813
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
17
-
connect_interval
8
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-6QBZSN
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
Remcos
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
tmp
-
Size
19KB
-
MD5
17abf0697eea43427b7e0ea295a09c2f
-
SHA1
9665076d470f2c614f58f36839591347f4236668
-
SHA256
1060b71f9fd78f5d283b8295def74b2b1457fb4949815fa8442904cd75329d4a
-
SHA512
dbf7a7bbf3488300ad688260cc2aa33e0fe4ef82b2ac430b2b4d0661e20f5e7259bf456e478ab1c3cc0120a7b33acf97bbffcc6e8c74e694f1785395635a25d4
-
SSDEEP
192:FPLL2GSnvjtt6BtFIEZtltPtptUtCttttZ6fWdZAphAtttWnTC/F:9fSvW+hhnG/
Score10/10-
Detect PureCrypter injector
-
PureCrypter
PureCrypter is a .NET malware loader first seen in early 2021.
-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-