General

Target: 9edadfe264d61d65394086197c5e7c12
Size: 334KB
Sample: 240215-3hcplabd41
MD5: 9edadfe264d61d65394086197c5e7c12
SHA1: a424b5482d75c001f161b6002475b8af03692969
SHA256: e865f3b81f04f12f575d3d4061871b3b2476fa981a95f35a308a97410d4372c2
SHA512: 0ea184898dd86b0c7dbc7a54008d56ff15acde93ce564aa852534f70002fdf1154260e2d0f801591445a71715d531cbd0af3b836fe9346362c87ecf40a9fa966
SSDEEP: 3072:QzQgBOSOm06uNDTnFIcqvPwl+n0lLPjpymmQfRZ8XVMHluaqLIQHRhxsllD7g5ZH:QhduBTnFoYl+0ZPjpyb+Ya3gmyxV
Static task: static1
Behavioral task: behavioral1
Sample: 9edadfe264d61d65394086197c5e7c12.exe
Resource: win7-20231129-en
Malware Config

Extracted: remcos (1.7 Pro)
Host: 212.83.46.23:3110
audio_folder: audio
audio_path: %AppData%
audio_record_time: 5
connect_delay: 0
connect_interval: 5
copy_file: remcos.exe
copy_folder: remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
install_path: %AppData%
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
keylog_path: %AppData%
mouse_option: false
mutex: remcos_sfofkbucbh
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screens
screenshot_path: %AppData%
screenshot_time: 1
startup_value: remcos
take_screenshot_option: false
take_screenshot_time: 5
Targets

Target: 9edadfe264d61d65394086197c5e7c12
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext