General
-
Target
95205b407cd86cd1b2ddd85bfdaa67d9434c1757e9e8f9fc6b990eb78387f4ee.zip
-
Size
1007KB
-
Sample
230321-r4qmssde4y
-
MD5
c1ae877a4895053924e4ae74418bd96e
-
SHA1
752b97acd4373654b97ff18e2f705c8ad3e0b12e
-
SHA256
77f56c0cc0f923dd763e4028d33bcb0d300e15c485602954b81d6a39ec1993ae
-
SHA512
027a9f078493ae6ae560a0d0ae1167ff5fa6c8836870855168ff4b0311f2fecade134e90eba4401d259c04a4a9d58987db062b3116651cf15aca40295800a20f
-
SSDEEP
24576:kuce1JOhceCIp1TtnOC/dQWT8tfOYcGMaORvt:kupJDebdne48to5aORvt
Static task
static1
Behavioral task
behavioral1
Sample
95205b407cd86cd1b2ddd85bfdaa67d9434c1757e9e8f9fc6b990eb78387f4ee.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
95205b407cd86cd1b2ddd85bfdaa67d9434c1757e9e8f9fc6b990eb78387f4ee.exe
Resource
win10v2004-20230221-en
Malware Config
Extracted
remcos
RemoteHost
51.75.209.245:2406
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-52YOYG
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
Remcos
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
95205b407cd86cd1b2ddd85bfdaa67d9434c1757e9e8f9fc6b990eb78387f4ee.exe
-
Size
2.1MB
-
MD5
e03579a0e6f2881617a05ce524fe6176
-
SHA1
dd88c2948daf226985b6048deaa9ad577c7f2370
-
SHA256
95205b407cd86cd1b2ddd85bfdaa67d9434c1757e9e8f9fc6b990eb78387f4ee
-
SHA512
6cf5d6d4046ede733a3eb43f9815166ef9b105063019616c8a6dbb30a8ad74af6ee02af12e1174af982ca76ffe297172b0ce2306b3b22c79f85ef1542892c54d
-
SSDEEP
24576:ch3MhcNM1O05764Ym/GSdToQbE9roTuOFGydJ8MQ:chcPN6SZDwkA
Score10/10-
Suspicious use of SetThreadContext
-