General

Target: SecuriteInfo.com.Win32.RATX-gen.23971.32281.exe
Size: 757KB
Sample: 231208-lbx9aaac32
MD5: 6696d37cf0b9b65fd9fc58934d79c9cb
SHA1: 6c75525f455c341e936ec64546fc4d9bfe52ee81
SHA256: 2db991b9ae725ec59f9a29654e4c5f8d2bf363662cfa8d271a8692fea4883744
SHA512: b9db5f1832b7a6d046c029204d6061e13b1e4b1d3e1a0117a7f51d03aa08b6a5f97be2036cba93ceb17a4f558c4ddfd580a80185d9c8446818b854ebe1749a18
SSDEEP: 12288:HDWMD9ehE+uDneLBQt20dup/20AQBOLdxD4N1fahKDZncwk6pvxT0K0jlyOJN9R4:FeVZ27zZPdnjImBOQXU
Static task: static1

Behavioral task: behavioral1
Sample: SecuriteInfo.com.Win32.RATX-gen.23971.32281.exe
Resource: win7-20231023-en

Behavioral task: behavioral2
Sample: SecuriteInfo.com.Win32.RATX-gen.23971.32281.exe
Resource: win10v2004-20231127-en
Malware Config

Extracted: remcos

RemoteHost: 107.175.229.139:8087
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Rmc-IZFV1M
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
take_screenshot_option: false
take_screenshot_time: 5

All install, keylog and screenshot flags are false in this configuration. The fields most useful as indicators are RemoteHost (the C2 address and port), mutex, copy_folder/copy_file and keylog_folder/keylog_file, since these are the values that would appear in network, object and file telemetry on an infected host.
Targets

Target: SecuriteInfo.com.Win32.RATX-gen.23971.32281.exe
Size: 757KB
Hashes: as listed under General above
Score: 10/10

- NirSoft MailPassView: password recovery tool for various email clients
- NirSoft WebBrowserPassView: password recovery tool for various web browsers
- Nirsoft
- Drops startup file
- Accesses Microsoft Outlook accounts
- Suspicious use of SetThreadContext
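The following is an added example and is not part of the sandbox report or of any Remcos tooling. It turns the extracted configuration (RemoteHost, mutex, copy_folder/copy_file, keylog_folder/keylog_file) and the sample hashes listed under General into a small hunt over endpoint telemetry. The event records are constructed for illustration, the field names are an assumption modelled on Sysmon process, network and file events plus a mutex record, and the low-confidence rule on the `Rmc-` mutex prefix is an assumption about other builds, not something the report states.

```python
"""Hunt for the indicators in the extracted Remcos configuration above.

Added example: the EVENTS list below is constructed to exercise each rule and
is not telemetry from the sandbox run. Field names are an assumption modelled
on Sysmon (process create, network connect, file create) plus a mutex record.
"""
from __future__ import annotations

import hashlib
from dataclasses import dataclass

# Values copied from the report above.
SAMPLE_HASHES = {
    "md5": "6696d37cf0b9b65fd9fc58934d79c9cb",
    "sha1": "6c75525f455c341e936ec64546fc4d9bfe52ee81",
    "sha256": "2db991b9ae725ec59f9a29654e4c5f8d2bf363662cfa8d271a8692fea4883744",
}
C2_HOST, C2_PORT = "107.175.229.139", 8087
MUTEX = "Rmc-IZFV1M"
COPY_FOLDER, COPY_FILE = "Remcos", "remcos.exe"
KEYLOG_FOLDER, KEYLOG_FILE = "remcos", "logs.dat"

# Constructed events: pid 4012 plays the sample, pid 912 is benign noise.
EVENTS = [
    {"kind": "process", "pid": 4012, "sha256": SAMPLE_HASHES["sha256"],
     "image": r"C:\Users\alice\Downloads\SecuriteInfo.com.Win32.RATX-gen.23971.32281.exe"},
    {"kind": "mutex", "pid": 4012, "name": "Rmc-IZFV1M"},
    {"kind": "filecreate", "pid": 4012,
     "path": r"C:\Users\alice\AppData\Roaming\Remcos\remcos.exe"},
    {"kind": "netconn", "pid": 4012, "dst": "107.175.229.139", "dport": 8087},
    {"kind": "filecreate", "pid": 4012,
     "path": r"C:\Users\alice\AppData\Roaming\remcos\logs.dat"},
    {"kind": "netconn", "pid": 912, "dst": "93.184.216.34", "dport": 8087},
    {"kind": "filecreate", "pid": 912,
     "path": r"C:\Users\alice\AppData\Roaming\Mozilla\logs.dat"},
    {"kind": "mutex", "pid": 912, "name": "Rmc-ABC123"},
]


@dataclass(frozen=True)
class Hit:
    index: int        # position in the event list
    rule: str
    confidence: str   # "high", "medium" or "low"


def _tail(path: str, n: int) -> list[str]:
    """Last n components of a Windows path, lower-cased, so a match does not
    depend on which user profile the sample lands in."""
    parts = [p for p in path.replace("/", "\\").split("\\") if p]
    return [p.lower() for p in parts[-n:]]


def hunt(events: list[dict]) -> list[Hit]:
    """Apply one rule per configuration field and return every match."""
    hits: list[Hit] = []
    for i, ev in enumerate(events):
        kind = ev["kind"]
        if kind == "process" and ev.get("sha256", "").lower() == SAMPLE_HASHES["sha256"]:
            hits.append(Hit(i, "sample_hash", "high"))
        elif kind == "netconn" and ev["dst"] == C2_HOST:
            # Any traffic to the RemoteHost address is worth a look; the configured port makes it certain.
            hits.append(Hit(i, "c2_host", "high" if ev["dport"] == C2_PORT else "medium"))
        elif kind == "mutex":
            if ev["name"] == MUTEX:
                hits.append(Hit(i, "mutex_exact", "high"))
            elif ev["name"].startswith("Rmc-"):
                # Assumption: other builds keep the "Rmc-" prefix with a different suffix.
                hits.append(Hit(i, "mutex_prefix", "low"))
        elif kind == "filecreate":
            tail = _tail(ev["path"], 2)
            if tail == [COPY_FOLDER.lower(), COPY_FILE.lower()]:
                hits.append(Hit(i, "copy_file", "high"))
            elif tail == [KEYLOG_FOLDER.lower(), KEYLOG_FILE.lower()]:
                hits.append(Hit(i, "keylog_file", "medium"))
    return hits


def suspicious_pids(events: list[dict], hits: list[Hit]) -> list[int]:
    """Processes with one high-confidence hit, or two or more hits of any
    confidence, are the ones to contain; a lone low-confidence hit is not."""
    by_pid: dict[int, list[Hit]] = {}
    for h in hits:
        by_pid.setdefault(events[h.index]["pid"], []).append(h)
    return sorted(pid for pid, hs in by_pid.items()
                  if any(h.confidence == "high" for h in hs) or len(hs) >= 2)


def matches_sample(data: bytes) -> dict[str, bool]:
    """Check a file you hold against the MD5/SHA1/SHA256 listed in the report
    before reusing this configuration as indicators for it."""
    return {alg: hashlib.new(alg, data).hexdigest() == digest
            for alg, digest in SAMPLE_HASHES.items()}


if __name__ == "__main__":
    found = hunt(EVENTS)
    for h in found:
        print(f"event {h.index}: {h.rule} ({h.confidence}) pid={EVENTS[h.index]['pid']}")
    print("contain pids:", suspicious_pids(EVENTS, found))
```

Run against the constructed events, the five records from pid 4012 each match one rule, the `Rmc-ABC123` mutex from pid 912 produces only a low-confidence prefix hit, and only pid 4012 is returned for containment. Mapping the `kind` and field names onto real Sysmon or EDR schemas is the one change needed to run it on live data.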