General
Target: TNT Original Invoice.ace
Size: 1.4MB
Sample: 230329-n8lb4agb89
MD5: 000e860f92e4d6001f1d13c6525bfd52
SHA1: 544720a58caa5dc449d2f6318ead95b7465e7ba4
SHA256: f4ab4a125eaf218adb62d4a458ac26f872505c95ea837cc586f92bbdb2d6ac8a
SHA512: 6e703af19efa995d64ea0b67a3fc2e2d5dea4a0b161f52a2d01957f761728d22a9dc06446bff534ab18dc789c35b36e08f1fd61b03491d1ef49cc5fc1d89c7b4
SSDEEP: 24576:iSEhJmwagrK4pFTXx2lz8SPEixhckBmG/nK3tSwHnvWpxyyni3uqfnY5Pj:iSNpguoFTXQg4EiYkEG/nK9SynvWp0y5
Static task: static1
Behavioral task: behavioral1
Sample: TNT Original Invoice.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: TNT Original Invoice.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted: remcos
RemoteHost: 51.75.209.245:2406
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Rmc-52YOYG
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
startup_value: Remcos
take_screenshot_option: false
take_screenshot_time: 5
Targets
Target: TNT Original Invoice.exe
Size: 3.0MB
MD5: c8c0264dca37efd9416dd2ec9dd5c931
SHA1: d99726a37eecb89ac7c0e8011617c952ad870762
SHA256: 05a5e41d72b42e2ab08a2b9afce8780ba729f20128a86b83e649df6292a4e7b0
SHA512: 7fc8bf021d0dd3a9e4997641340de811da87dc6d594e7e082b2a543dfa3fd3563e625797bb9648dcdef1e3830c2d10a9d51a3ac9d7310f930219c3a8fbbd6f52
SSDEEP: 24576:7DX7TWfq0acNRVAWEo6E+uSLgaHgDZXhETZjipt/flxGV7hya0eqrmBtngpyyedk:HdNH2XSTZiAVnYD1JzOR1cUabuwHH
Score: 10/10
Uses the VBS compiler for execution
Suspicious use of SetThreadContext