General
Target: 881b9954a4f1debc7e45fecb6072f05daa542c368af208156fd624d5b5fabc95.zip
Size: 541KB
Sample: 230321-r4qb2ade4x
MD5: 23f8a39a5a8162b55c3644f768cca3c3
SHA1: 96687d258e554c049ef735e4807f99bacbfc3c3a
SHA256: c3eb9fc2aa12b27dfd72d2d3754e073381e2084059f0263546428ef65e76abb5
SHA512: d6a99120619ef07423dfeb8d4d12a712f93a7adf94c7b6d4a73b9239fca682f17bad7bc1251f1ccba75d420b9ca5a1828bb7db216d598c8217ca1b6c37ab86da
SSDEEP: 12288:B4uUhMEWUj7ARKVarFF7eP5G/f4ASKKywfDuIfo4ybpMUmvWRySa:BA9Wsb0SM/hSKuKJ4yAsfa
Static task
static1

Behavioral task
behavioral1
Sample: 881b9954a4f1debc7e45fecb6072f05daa542c368af208156fd624d5b5fabc95.exe
Resource: win7-20230220-en

Behavioral task
behavioral2
Sample: 881b9954a4f1debc7e45fecb6072f05daa542c368af208156fd624d5b5fabc95.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: remcos
RemoteHost: obologs.work.gd:34346
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Rmc-335LZC
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
startup_value: Remcos
take_screenshot_option: false
take_screenshot_time: 5
Targets
Target: 881b9954a4f1debc7e45fecb6072f05daa542c368af208156fd624d5b5fabc95.exe
Size: 570KB
MD5: 889e1150cd51af77640227dbe28a6cd4
SHA1: a667c16add4d0c36b496eb451201f71fe36a179d
SHA256: 881b9954a4f1debc7e45fecb6072f05daa542c368af208156fd624d5b5fabc95
SHA512: 8cd7aaf97cacef4d76ca8de1482fb6e9c5304d3eb31a5ac43714fa79ddd97e6026b495bd56e92739e6a6cf55ac9cb18bd948c4566d574e7e5ae47df0eb0cf015
SSDEEP: 12288:gKtfdZEO19qlCYlA0Ju2mbWwYaIiY90Mj5gQh3S2hWyLzK+fv0FU:gKLZEO1YlthJu2mbJJnMj5gG35QYG+fS
Score: 10/10
Signatures:
Adds Run key to start application
Suspicious use of SetThreadContext