General
Target: 0180ff6061f280ac6c5a2bf84dde5f6ea4a056c7cbf14f796d48c62f2290fcfe.exe
Size: 48KB
Sample: 240215-fld1hahg93
MD5: 1664885f055e52e20320abe1e2d6748d
SHA1: 91c461e040f6c00437e8b703c39014f612a72508
SHA256: 0180ff6061f280ac6c5a2bf84dde5f6ea4a056c7cbf14f796d48c62f2290fcfe
SHA512: 4df548f7f5252c40951b538ef4bc0e7a77de29e5aad74e7cffb22be9c64d8f7b1b08beabb6ff03b7cd2cdecf2daccfb5a59b47c44ddfc4218a2b4879ea0afb42
SSDEEP: 768:p+TeBcj6u6tJ6IBBc/gyOD6elCQ8DySUrPFS7Zw6KZsLbVNkidl:p+TeBct6y/gt22Q05T6KAVNn
Static task: static1
Behavioral task: behavioral1
Sample: 0180ff6061f280ac6c5a2bf84dde5f6ea4a056c7cbf14f796d48c62f2290fcfe.exe
Resource: win7-20231129-en
Malware Config
Extracted
remcos
983733
windowslvlssfebupdate.duckdns.org:4241
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: 87363-Q6VFRV
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
startup_value: Remcos
take_screenshot_option: false
take_screenshot_time: 5
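An added example, not part of the sandbox report, that turns the extracted configuration above into indicators a detection engineer can act on while honouring the config's flags: because install_flag, keylog_flag and screenshot_flag are all false, the copy path, Run-key value and log paths would not be expected on an infected host, so only the mutex and the C2 hostname are emitted for this sample. The CONFIG dict copies the values shown above; the resolver log format, the log lines, the helper names and the %AppData% install base (the report does not state where a copy would land) are assumptions made for the example.

```python
"""Derive indicators from an extracted Remcos configuration.

Added example; it is not part of the sandbox report.  CONFIG copies the field
values shown in the report.  The log format, the log lines, the function names
and the install base directory are constructed assumptions for the example.
"""
from __future__ import annotations

import re
from typing import Iterable

# Field values copied from the report's "Malware Config" section.
CONFIG = {
    "family": "remcos",
    "botnet": "983733",
    "c2": ["windowslvlssfebupdate.duckdns.org:4241"],
    "mutex": "87363-Q6VFRV",
    "install_flag": False,
    "copy_folder": "Remcos",
    "copy_file": "remcos.exe",
    "startup_value": "Remcos",
    "keylog_flag": False,
    "keylog_folder": "remcos",
    "keylog_file": "logs.dat",
    "screenshot_flag": False,
    "screenshot_path": "%AppData%",
    "screenshot_folder": "Screenshots",
}

# Dynamic-DNS zones: an exact C2 hostname hit is high confidence, a hit on the
# zone alone is only a lead, because the same zone serves unrelated hosts.
DYNDNS_ZONES = ("duckdns.org",)

# Constructed resolver-log format: "<ts> client <ip> query: <qname> <type>".
DNS_LOG_RE = re.compile(r"query: (?P<qname>\S+)")


def parse_c2(entries: Iterable[str]) -> list[tuple[str, int]]:
    """Split 'host:port' entries into (host, port); any extra colon-separated
    fields an extractor may append are ignored, malformed entries raise."""
    parsed = []
    for entry in entries:
        parts = entry.split(":")
        if len(parts) < 2 or not parts[1].isdigit():
            raise ValueError(f"malformed C2 entry: {entry!r}")
        parsed.append((parts[0].lower(), int(parts[1])))
    return parsed


def host_indicators(cfg: dict, install_base: str = "%AppData%") -> dict[str, str]:
    """Return only the host artifacts this configuration would actually create.

    The mutex is always taken.  Copy path and Run-key value apply only when
    install_flag is set; keylog and screenshot paths only when their flags are.
    install_base is an assumption: the report does not state the copy target.
    """
    ind = {"mutex": cfg["mutex"]}
    if cfg["install_flag"]:
        ind["copy_path"] = f"{install_base}\\{cfg['copy_folder']}\\{cfg['copy_file']}"
        ind["run_key_value"] = cfg["startup_value"]
    if cfg["keylog_flag"]:
        ind["keylog_path"] = f"{install_base}\\{cfg['keylog_folder']}\\{cfg['keylog_file']}"
    if cfg["screenshot_flag"]:
        ind["screenshot_dir"] = f"{cfg['screenshot_path']}\\{cfg['screenshot_folder']}"
    return ind


def classify_dns(line: str, c2: list[tuple[str, int]]) -> str | None:
    """'c2_exact' for the configured hostname, 'dyndns_zone' for a sibling
    name in the same dynamic-DNS zone, None otherwise (case-insensitive)."""
    m = DNS_LOG_RE.search(line)
    if not m:
        return None
    qname = m.group("qname").rstrip(".").lower()
    if any(qname == host for host, _ in c2):
        return "c2_exact"
    if any(qname == z or qname.endswith("." + z) for z in DYNDNS_ZONES):
        return "dyndns_zone"
    return None


def triage_dns(lines: Iterable[str], cfg: dict = CONFIG) -> list[tuple[str, str]]:
    """Pair each matching log line with its verdict, skipping clean lines."""
    c2 = parse_c2(cfg["c2"])
    results = []
    for line in lines:
        verdict = classify_dns(line, c2)
        if verdict:
            results.append((line, verdict))
    return results


# Constructed log lines; only the first two name the C2 from the report.
SAMPLE_DNS_LOG = [
    "2024-02-15T10:01:02Z client 10.0.0.12 query: windowslvlssfebupdate.duckdns.org. A",
    "2024-02-15T10:01:05Z client 10.0.0.12 query: WINDOWSLVLSSFEBUPDATE.DUCKDNS.ORG. A",
    "2024-02-15T10:02:11Z client 10.0.0.40 query: other-box.duckdns.org. A",
    "2024-02-15T10:03:00Z client 10.0.0.40 query: update.microsoft.com. A",
]

if __name__ == "__main__":
    print("C2:", parse_c2(CONFIG["c2"]))
    print("host indicators:", host_indicators(CONFIG))
    for line, verdict in triage_dns(SAMPLE_DNS_LOG):
        print(verdict, "<-", line)
```

Run the block as is to see the mutex-plus-C2 output for this configuration; flipping install_flag or keylog_flag in CONFIG adds the copy path, Run-key value and keylog path so the same script covers a build that does persist. A sibling duckdns.org name is reported separately from an exact hit so it can be triaged rather than blocked outright.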
Targets
Target: 0180ff6061f280ac6c5a2bf84dde5f6ea4a056c7cbf14f796d48c62f2290fcfe.exe
Size: 48KB
MD5: 1664885f055e52e20320abe1e2d6748d
SHA1: 91c461e040f6c00437e8b703c39014f612a72508
SHA256: 0180ff6061f280ac6c5a2bf84dde5f6ea4a056c7cbf14f796d48c62f2290fcfe
SHA512: 4df548f7f5252c40951b538ef4bc0e7a77de29e5aad74e7cffb22be9c64d8f7b1b08beabb6ff03b7cd2cdecf2daccfb5a59b47c44ddfc4218a2b4879ea0afb42
SSDEEP: 768:p+TeBcj6u6tJ6IBBc/gyOD6elCQ8DySUrPFS7Zw6KZsLbVNkidl:p+TeBct6y/gt22Q05T6KAVNn
- Detects Windows executables bypassing UAC using CMSTP utility, command line and INF
- Detects executables containing artifacts associated with disabling Windows Defender
- Detects executables embedding command execution via IExecuteCommand COM object
- Detects executables potentially checking for WinJail sandbox window
- Detects Windows executables potentially bypassing UAC using eventvwr.exe
- Suspicious use of SetThreadContext