General
Target: tmp
Size: 1.3MB
Sample: 230327-mfdwwach93
MD5: ea0ed22b74d388edcd12502bbd551765
SHA1: b2feee85b1c25c2b1323f19041f39a6aecb1da52
SHA256: fc0e7c3770a7c1452c62d071a8a59c81638c403f4841a7422d3b6e50934d29ee
SHA512: 082c84902046488c0dfee9e8d0d5da7e4c4be63bc53c6500b2f6c69e63548dedff63a8c8b2f03f388892c3ba2c2d24da1e156fa166b0370aaf77c147d87b7148
SSDEEP: 24576:evZvdf5lrRtHeaSQMuaGhqBnARdrqU+z9gUG7RO:MllUGqBARd+U+iNR
Static task: static1
Behavioral task: behavioral1
Sample: tmp.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: tmp.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
remcos
RemoteHost
vcv.mastercoa.co:8489
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Rmc-4IE8MY
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
startup_value: Remcos
take_screenshot_option: false
take_screenshot_time: 5
Targets
Target: tmp
Score: 10/10
Suspicious use of SetThreadContext