General
-
Target
GH0987654560087.bat.exe
-
Size
1.3MB
-
Sample
231205-t9l8nsch99
-
MD5
f0b143f0d8012b2acb59e94544ee8a95
-
SHA1
215cd6adf283a17bf4c717e27842bc1e9bfb2058
-
SHA256
1f0a225b3b04a26d777a315cb1cacde6d5b0d7fc9e182a96ef035b41adada2de
-
SHA512
64b5dd4b4f14c090a06cbfa3dc69028efdc9c2c973afe7b3449eb4211611d8f373124eef14553548dd0cfc18b057d9518000ea6a8082fe1987c05b89f9a9dfa1
-
SSDEEP
24576:HYc6g/pOKKeFZYokY8+VnPZhNsqWOgjcjqQvWV:HrZYokYNnFsfxjcjqbV
Static task
static1
Behavioral task
behavioral1
Sample
GH0987654560087.bat.exe
Resource
win7-20231201-en
Behavioral task
behavioral2
Sample
GH0987654560087.bat.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
remcos
RemoteHost
107.175.229.139:8087
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-IZFV1M
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
GH0987654560087.bat.exe
-
Size
1.3MB
-
MD5
f0b143f0d8012b2acb59e94544ee8a95
-
SHA1
215cd6adf283a17bf4c717e27842bc1e9bfb2058
-
SHA256
1f0a225b3b04a26d777a315cb1cacde6d5b0d7fc9e182a96ef035b41adada2de
-
SHA512
64b5dd4b4f14c090a06cbfa3dc69028efdc9c2c973afe7b3449eb4211611d8f373124eef14553548dd0cfc18b057d9518000ea6a8082fe1987c05b89f9a9dfa1
-
SSDEEP
24576:HYc6g/pOKKeFZYokY8+VnPZhNsqWOgjcjqQvWV:HrZYokYNnFsfxjcjqbV
Score10/10-
Drops startup file
-
Suspicious use of SetThreadContext
-