General
Target: 400032624567.PDF.r00
Size: 1005KB
Sample: 230208-pme4maab6y
MD5: 591925e2df38ebcd2ddb70c6fd0e73f7
SHA1: 0bbaf112bc62dc06e116915e0409fdd3e7bbca6c
SHA256: 72b46c575c7a5a9bc90cd29bb66fef02086f737a7d4edf427fda03b4369d793d
SHA512: 6d93bf9a4ca35b988f75fd45f924b57ce28e020ce90c365867770727612ddb9fb6588d29f6978616fd8b66ab515d5eba0a2fdcbb26b949c24b4ed58a1220b74c
SSDEEP: 24576:kmWFU9FOYfbNY05mARX84e7THmNRnpIXh2FzMI+suSMntsw:k3qDOMr2rGTnuQFAITudCw
Static task: static1
Behavioral task: behavioral1
    Sample: 400032624567.PDF.exe
    Resource: win7-20220812-en
Behavioral task: behavioral2
    Sample: 400032624567.PDF.exe
    Resource: win10v2004-20220812-en
Malware Config
Extracted: remcos
NEW REM STUB
onyem.duckdns.org:5050
    audio_folder: MicRecords
    audio_record_time: 5
    connect_delay: 0
    connect_interval: 1
    copy_file: remcos.exe
    copy_folder: Remcos
    delete_file: false
    hide_file: false
    hide_keylog_file: false
    install_flag: false
    keylog_crypt: false
    keylog_file: logs.dat
    keylog_flag: false
    keylog_folder: remcos
    mouse_option: false
    mutex: Rmc-HFP2Q6
    screenshot_crypt: false
    screenshot_flag: false
    screenshot_folder: Screenshots
    screenshot_path: %AppData%
    screenshot_time: 10
    startup_value: Remcos
    take_screenshot_option: false
    take_screenshot_time: 5
Targets
Target: 400032624567.PDF.exe
Size: 1.2MB
MD5: 6b7d45b40f3796fb4bb3ca63cf9542b6
SHA1: 549ecc1aeeff4452c76c89ac0f29629e922f108a
SHA256: 3516aa66529037eec39f8ef3d926e3b7281c818e53740b6d495844ee8865e6f4
SHA512: 9e7fa20432738554f3f598f5ef3f650e6acb7059bafc51c4998a442da06b2618cde27786d362eab6081bb03a744ee77622092b74abe89c3803ebf42848f33a81
SSDEEP: 24576:llpDTpPktJ22JfNCxTF9OKBo/e/yI+NMzV/7LTpdgwMYe3vlp:l7C22ZNCxj1mIlbgwMYef
Score: 10/10
Suspicious use of SetThreadContext