General
- Target: KTS_202401501-0241.tar
- Size: 191KB
- Sample: 240122-pclhnafdan
- MD5: 9007829b50cefcda575cb091de8abc5e
- SHA1: dd22414f83ab3b3d8c7597da3d9f21589cc39b09
- SHA256: 5ffb6fc181b72cac6f9ca5b392108e08548f6868e6f2fb98320fa696ddd4c448
- SHA512: fa6dd261172fae02a404c0596b513be50c62e05b5d3dd97bb9401da553ecf64196e2c1991ceb6760eab4498757be1f461d8ab2165247213a3e0794099632c4ee
- SSDEEP: 1536:RRWiNA/qcv+2Xd830jdQeUKY11111111117:RRZNcz+lEjOeUR
Static task: static1
Behavioral task: behavioral1
- Sample: KTS_202401501-0241.exe
- Resource: win10-20231215-en
Behavioral task: behavioral2
- Sample: KTS_202401501-0241.exe
- Resource: win10v2004-20231222-en
Behavioral task: behavioral3
- Sample: KTS_202401501-0241.exe
- Resource: win11-20231215-en
Malware Config
Extracted
remcos
24
162.218.122.24:5707
- audio_folder: MicRecords
- audio_record_time: 5
- connect_delay: 0
- connect_interval: 1
- copy_file: remcos.exe
- copy_folder: Remcos
- delete_file: false
- hide_file: false
- hide_keylog_file: false
- install_flag: false
- keylog_crypt: false
- keylog_file: logs.dat
- keylog_flag: false
- keylog_folder: remcos
- mouse_option: false
- mutex: Rmc-A49MY7
- screenshot_crypt: false
- screenshot_flag: false
- screenshot_folder: Screenshots
- screenshot_path: %AppData%
- screenshot_time: 10
- take_screenshot_option: false
- take_screenshot_time: 5
Targets
- Target: KTS_202401501-0241.exe
- Size: 190KB
- MD5: 6f8afc3ca1122a453b8ac9d714c72166
- SHA1: 7032fdb5e26da2379cd9415bbbee9763a3b5c6ef
- SHA256: bbdb5df2eaa64a3e93649f252c238e14965b9ec83822d751c6beff96078faa1e
- SHA512: 8aeff5d697349b537c535434d6e581f7bee59e0c13df0f69024a0745cf547a85750cff88642e0e54c347ec1475b51105d6bb2d55f9272db104dbb2e53d6bbcbe
- SSDEEP: 1536:BRWiNA/qcv+2Xd830jdQeUKY11111111117:BRZNcz+lEjOeUR
- Detect ZGRat V1
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Suspicious use of SetThreadContext