General
Target: e96e1839b0510dc2530c23cf5d9f9cd2.exe
Size: 1013KB
Sample: 231022-wlwhjsbf6s
MD5: e96e1839b0510dc2530c23cf5d9f9cd2
SHA1: 7ec9c3a39e6633a4041994f6a8ffaeaa4f34481d
SHA256: 3a1f5e5b3bac9dd6da9980c66cf04cd274031cd3d7dd005c0e7250de89855663
SHA512: e2c14f81de5a2d1e4fe20eae91fab6e782b9b6ddca83465b8ceda699a24f64a948c3f0f69b5d59ebafdebc186c125768c093359efbe178156aa05b78aadda6b2
SSDEEP: 24576:U2AhIXPo8S4lKIWtHASEmyHC5X+soDrcErJSKHgPc/kz:uWXx7lKIiH9Em2CmDrcoJSKHrc
Static task
static1
Behavioral task
behavioral1
Sample
e96e1839b0510dc2530c23cf5d9f9cd2.exe
Resource
win7-20231020-en
Malware Config
Extracted
remcos
XXXXXX
busbuctomorrrw.ddns.net:6609
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Rmc-JEV5XP
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
take_screenshot_option: false
take_screenshot_time: 5
Targets
Target: e96e1839b0510dc2530c23cf5d9f9cd2.exe
- Executes dropped EXE
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext