General
-
Target
tmp
-
Size
987KB
-
Sample
230526-msjb5afe8v
-
MD5
03dc66eb73f94113115e145a35599724
-
SHA1
88fdf81626acf5a1b2b561002b5ea6425c7b23fe
-
SHA256
43c39e05ae59835e16df8bd732cd035292db70bc2c2d6d95ac354622bfa376ec
-
SHA512
0e505655394d3e0728c7dcaa3157f0b1293bc9255727acec3435d7a4db8dcf9a130c2240cb6028dd2ca90cd9646e3b05075c8f0ccd56412f373e4a923f5badbe
-
SSDEEP
12288:97z5GoJiGaq5auiuHeSV0TL4X10nL8BeBQe90wgYlS+al1JiWYyn54FVHmSI9/VQ:55GoR5aQT0aqF2euimJiWYI4E1OaWoW
Static task
static1
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
tmp.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
remcos
RemoteHost
seanblacin.sytes.net:6110
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
chrcrh.exe
-
copy_folder
chrcrh
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
chrcrh
-
mouse_option
false
-
mutex
Rmc-FDI6XX
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
chrcrh
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
tmp
-
Size
987KB
-
MD5
03dc66eb73f94113115e145a35599724
-
SHA1
88fdf81626acf5a1b2b561002b5ea6425c7b23fe
-
SHA256
43c39e05ae59835e16df8bd732cd035292db70bc2c2d6d95ac354622bfa376ec
-
SHA512
0e505655394d3e0728c7dcaa3157f0b1293bc9255727acec3435d7a4db8dcf9a130c2240cb6028dd2ca90cd9646e3b05075c8f0ccd56412f373e4a923f5badbe
-
SSDEEP
12288:97z5GoJiGaq5auiuHeSV0TL4X10nL8BeBQe90wgYlS+al1JiWYyn54FVHmSI9/VQ:55GoR5aQT0aqF2euimJiWYI4E1OaWoW
Score10/10-
Suspicious use of SetThreadContext
-