General
Target: 2b05753bc632ec1b4f66631be_JC.unknown
Size: 2KB
Sample: 230721-vf67esfh9t
MD5: e040670bac3e2ee10dc266c6bf6c07d9
SHA1: 5a63414e2485bce19531562cbf033a83bcc2580e
SHA256: 2b05753bc632ec1b4f66631be14ddd5757a56cb5d1593b7c86f386b3e8672968
SHA512: 4b717f54dea8e631051f78f6687c3eecf1d4dabdc9ee798d61ed6b3c96581b9a8a5055d5ac6527a463a9bde0b2e14b9b360ee9e60d9312a42d9b67a464442d5d

Static task: static1
Behavioral task: behavioral1
  Sample: 2b05753bc632ec1b4f66631be_JC.js
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: 2b05753bc632ec1b4f66631be_JC.js
  Resource: win10v2004-20230703-en

Malware Config
Extracted: remcos
Botnet: BTC
C2: zoonm.ddns.net:9001
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: vlc.exe
copy_folder: vlc
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: true
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Rmc-6FL95Y
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
take_screenshot_option: false
take_screenshot_time: 5

Targets
Target: 2b05753bc632ec1b4f66631be_JC.unknown
Score: 10/10
Signatures:
- Blocklisted process makes network request
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext