General
Target: 26b43cadf6622b3d0e50bf3763cc5180.bin
Size: 1.7MB
Sample: 231102-bqv3cseh5v
MD5: 9f7446e841168d0bedf3def3dbcdec88
SHA1: 352df3983175fd2fa4deec39a2d6da6e65706f0d
SHA256: 22f823fda39c5c44a3db44ad646a1c03335a6443facc07576eb93b20566730af
SHA512: 8f0b665896371094551889e35e82a7b0554fbd7659c9989c21b365c8f336baad9a06235a9e3dacb382985e26feab597d65fd15e91124fce022d612ab83543e01
SSDEEP: 49152:FQZ5pCJQqgTjK76ejDeBcAPA6DZEl5BxAiFG:KZMQtq6emeA1El5BbG
Static task
static1
Behavioral task
behavioral1
Sample
089fe1a7004a07e2fa5a8e706359b2d8d0b141bbc4719db9bc378e33b0771764.exe
Resource
win7-20231023-en
Malware Config
Extracted
remcos
HARD
cloudhost.myfirewall.org:9302
sandshoe.myfirewall.org:2404
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: WindowUpdate.exe
delete_file: false
hide_file: true
hide_keylog_file: false
install_flag: false
install_path: %Temp%
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: RmcqSxe-3TCTRL
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
take_screenshot_option: false
take_screenshot_time: 5
Targets
Target: 089fe1a7004a07e2fa5a8e706359b2d8d0b141bbc4719db9bc378e33b0771764.exe
Size: 1.8MB
MD5: 26b43cadf6622b3d0e50bf3763cc5180
SHA1: d84d2f83975f74767e7d398e8ad039be00c47598
SHA256: 089fe1a7004a07e2fa5a8e706359b2d8d0b141bbc4719db9bc378e33b0771764
SHA512: 1c8e2f1063f654ca94b67e1e651dfbaf5f10d8a0d1cf40bb8280877bae550df467f7574c0118d7d7d833b9b155619fe22168d3efeff916f16ad8c21b817f7fe4
SSDEEP: 49152:xkQTA+5XkXJqDxHtrZPfnV2gAUCkSbVRb0ilg7/mHHH:xa+9kElHrIjU/CzG7eHn
Suspicious use of SetThreadContext