General
-
Target
e96e1839b0510dc2530c23cf5d9f9cd2.bin
-
Size
994KB
-
Sample
231024-c5sffsab5t
-
MD5
2be2fd32c1288c4562ed8500ca2f97f3
-
SHA1
1a7898763c788f243c629d2eca738848efb3f06a
-
SHA256
5547a31c7f8649929613e526af1c4bbde8a39af37e05bcfee0d36d16b7c9d337
-
SHA512
16f2d1f7b5b97f94c891d07a7683fe220a45f7f5b07fe62b8b64555570697b8a5e6f4f9772d95473418b21ee9caf72333a22fc096923b4e89644e07c662c86ca
-
SSDEEP
24576:Z5aPeiYeRs91Mh2VICHn0PLhuvcgHbPoyEzjvMmevup0Mk:ZAe11JIG0UcgHbbEzjHRk
Static task
static1
Behavioral task
behavioral1
Sample
3a1f5e5b3bac9dd6da9980c66cf04cd274031cd3d7dd005c0e7250de89855663.exe
Resource
win7-20231023-en
Malware Config
Extracted
remcos
XXXXXX
busbuctomorrrw.ddns.net:6609
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Rmc-JEV5XP
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
take_screenshot_option: false
take_screenshot_time: 5
Targets
-
Target
3a1f5e5b3bac9dd6da9980c66cf04cd274031cd3d7dd005c0e7250de89855663.exe
-
Size
1013KB
-
MD5
e96e1839b0510dc2530c23cf5d9f9cd2
-
SHA1
7ec9c3a39e6633a4041994f6a8ffaeaa4f34481d
-
SHA256
3a1f5e5b3bac9dd6da9980c66cf04cd274031cd3d7dd005c0e7250de89855663
-
SHA512
e2c14f81de5a2d1e4fe20eae91fab6e782b9b6ddca83465b8ceda699a24f64a948c3f0f69b5d59ebafdebc186c125768c093359efbe178156aa05b78aadda6b2
-
SSDEEP
24576:U2AhIXPo8S4lKIWtHASEmyHC5X+soDrcErJSKHgPc/kz:uWXx7lKIiH9Em2CmDrcoJSKHrc
-
Executes dropped EXE
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext