General

Target: REMCOS v1.7 Professional.zip
Size: 12.0MB
Sample: 230330-bmqy8scb4w
MD5: dd5e7c7970a12f5ac80eba466cc27b94
SHA1: 1291af876790c7413f5b81d908b3bda0ea308c01
SHA256: e88ada222ffa511c3940eedddcb1d282654d0d574858638213bddbd4178a56b9
SHA512: a3d16bb21c82121cb247db54d011057d0ef0f74da8756571f94857ea6d438742b5f84eead991d5c9151213716a0a72ec4ae41f1d7c0450609c60b365d2c5185c
SSDEEP: 196608:rwqVH+vqgI4MlPCzZzvixV9iQavc4/qH8SLsVFIfw1EV10c5IyyHt2e3Y3Ps327H:MqVQqjPPCzB6D9iQa022hsVGllGZqP9H
Behavioral tasks

behavioral1
Sample: REMCOS v1.7 Professional/REMCOSAuthHooks.dll
Resource: win10v2004-20230221-en

behavioral2
Sample: REMCOS v1.7 Professional/Remcos Loader.exe
Resource: win10v2004-20230221-en

behavioral3
Sample: REMCOS v1.7 Professional/remcos.exe
Resource: win10v2004-20230220-en
Malware Config

Targets

Target: REMCOS v1.7 Professional/REMCOSAuthHooks.dll
Size: 1.2MB
MD5: a329f92ad3b9311af3130dbde81155ce
SHA1: 36f3ae74eb18049e37868f1e42b7e66a294d9494
SHA256: d695a2ee6fcae64f4d8c4387a0a4c4aae05d08ce44a52598984673b890d02f27
SHA512: a82f51c112c610e90252d41d108f178e1f8fb6ee98f391e354d871966e9a61637b063fdb1e5934f1af70f055effebc4325151aa256137c63a40b70affd850438
SSDEEP: 24576:flQQir0ed67LRTivbofUW5Y3wF7h6zFRdXjUa4Sq/KQodJagup+t:flJi4ed6ROvbwUQ+RdTUxS1Cwt
Score: 3/10

Target: REMCOS v1.7 Professional/Remcos Loader.exe
Size: 1.8MB
MD5: 75792b5b38edd028d13eef62c0d828e6
SHA1: 9a84ec696d0bd14d1ceb16fd68d48bab9a42351e
SHA256: b7f82678830c34db745a16d5551386f15ff28fda563f10c6903f6471a58e243e
SHA512: 2665982e2e7ccf1d86d523aafa66aa9c48e4c17377f59bcd77472bc9cde2bcb9b85fccd54eff79aeae33ef9683bc05d0fb2d9e2f01759bd3e51c8875ebef4c21
SSDEEP: 49152:XX2xsTyR0C70GPdjE1Z0e1HVNt7iXdll6dXqAV4a:2xse408HVNh+lQXqO
Score: 7/10
Signatures: Suspicious use of NtSetInformationThreadHideFromDebugger

Target: REMCOS v1.7 Professional/remcos.exe
Size: 9.9MB
MD5: ed1e424ea6f625968a334377e8ac629f
SHA1: ad00cc58a59a3d5b78d6603a1d09378e5dbd1647
SHA256: 1e5375b400f68c422804703390489b2cf3968c2a8bccb0b5b3c55fe1d2e3c991
SHA512: 5119b6ac8c1becda5b59a4802fc96828d338ba2d2767e5521bc226bf04b6637c1925b0cc1b0cf560540b1399730f695c55de23665e59d0683eb07d32939b8094
SSDEEP: 196608:PDrZiT5gAQXBIiOMaws3cH12+zvuyEvCr4O/G7ma96vtBOn/L6+:bAT5gbIKMs1rzvHrf/U3KkDL
Score: 5/10
Signatures: Suspicious use of NtSetInformationThreadHideFromDebugger