General
Target: Remcos Professional Cracked By Alcatraz3222.rar
Size: 34.6MB
Sample: 230329-bhkawseb69
MD5: 91ef73eb787be28e013389110e78e8b2
SHA1: e97029e530c662e8fb89d3c1957fb168509b8f4f
SHA256: 14a08cc28c5d133cec49f1e23ed4a0685c7a8dcbda6a6cde57fa2197fe428040
SHA512: d10094e545d71b5c404b4d62d134874dbec2d5ab3088b85d27711abcbfcb48431e722a1cfa178743400026030eac184912d15a23b3c113a3fdc016210351adc7
SSDEEP: 786432:QuFA4mY7D7S4TWoDF8XB3uD5hLm6TtvtpYvbsYsaMxa/Ecaqu6:QuMYX24TRqBO5hLm6TtvtCvb4dOEcb

Tasks
Static task: static1
Behavioral task: behavioral1
Sample: Remcos Professional Cracked By Alcatraz3222-cleaned.exe
Resource: win10v2004-20230220-en

Malware Config
Extracted family: njrat
Version: 0.7d
Botnet: HacKed
C2: dllsys.duckdns.org:3202
Mutex: 3b570ffeeb3d34249b9a5ce0ee58a328
Attributes:
- reg_key: 3b570ffeeb3d34249b9a5ce0ee58a328
- splitter: svchost

Targets

Target: Remcos Professional Cracked By Alcatraz3222-cleaned.exe
Size: 17.9MB
MD5: 946125ea1dcd4d87c44b603f608dd64c
SHA1: 48635fd472da387b60a43d4b65813516f99c8c55
SHA256: 56b813058735d5f0980dae75394cba6e78d2096f142aaf7811251dbac7657bb1
SHA512: b3f42641a68cd4e7c365a031f6c1997e3c4efcf0fbf6b616341062b23f58e90d6a08d93ac249de1b53151a8dfb728da5cbdfd8d18e96892410038385fb96c7e5
SSDEEP: 393216:tHN4EgV1uaHYxhfJJZu9rOtEK0Vc+shB97mip52wrqi3nHoKzMWUOCF:tCEm54vJJZWWMgp5HuuzMWU
Signatures:
- Modifies Windows Firewall
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext

Target: Remcos Professional Cracked By Alcatraz3222.exe
Size: 17.7MB
MD5: efc159c7cf75545997f8c6af52d3e802
SHA1: b85bd368c91a13db1c5de2326deb25ad666c24c1
SHA256: 898ac001d0f6c52c1001c640d9860287fdf30a648d580e9f5dd15e2ef84ab18e
SHA512: d06a432233dceb731defd53238971699fef201d0f9144ee50e5dd7d6620dfdd6c298d52618bf2c9feb0519574f4565fb0177b00fd8292768fbd8b85dd11e650d
SSDEEP: 393216:GYuGvp8EHb+in8f4Zg41+Q4AXf5ZZcyfHDMxVpSc+q+eOFxdx:3mqSi8fN4sAXfrZcyfo7p0eYHx
Signatures:
- Modifies Windows Firewall
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Executes dropped EXE
- Suspicious use of SetThreadContext