General

Target: IMG_MiaaKhaliffaa.zip
Size: 1.3MB
Sample: 240313-xkqfksda2z
MD5: 2e604d072df8ef7087e3bbfaa2a8b267
SHA1: 97908c1245e6cafc32665d775622ee5bb118a225
SHA256: 31a3488b571c2e5fe1927533dd2db64bb39737fd30fae3133274830d3a46bcb5
SHA512: a36e460f0e60b22cdc943c773d4e851dddf59757f42a77ac5a6763a96c5711cb64817a89f2393b0d712bed6f150f5b0e5de5d29057fc99f2cc743dc0e7c41f47
SSDEEP: 24576:jCmoJtQbux7G1oqb6SppkRbc8iw0rFNv89j5NcHacAZ9mLC/Q:nEtQqxqdppqRiw0Rm9jrcHar9me/Q
Static task: static1

Behavioral task: behavioral1
Sample: '.jpg
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: '.jpg
Resource: win10v2004-20240226-en

Behavioral task: behavioral3
Sample: winrm.vbs
Resource: win7-20240221-en

Behavioral task: behavioral4
Sample: winrm.vbs
Resource: win10v2004-20240226-en
Malware Config

Extracted: asyncrat
  1.0.7
  PAYPAL
  141.95.84.40:4432
  c1313v13324
  delay: 1
  install: false
  install_folder: %AppData%

Extracted: remcos
  FRANAGUSLUCHO
  141.95.84.40:9991
  audio_folder: MicRecords
  audio_record_time: 5
  connect_delay: 0
  connect_interval: 1
  copy_file: remcos.exe
  copy_folder: Remcos
  delete_file: false
  hide_file: false
  hide_keylog_file: false
  install_flag: false
  keylog_crypt: false
  keylog_file: logs.dat
  keylog_flag: false
  keylog_folder: remcos
  mouse_option: false
  mutex: Rmc-6YK7Z5
  screenshot_crypt: false
  screenshot_flag: false
  screenshot_folder: Screenshots
  screenshot_path: %AppData%
  screenshot_time: 10
  take_screenshot_option: false
  take_screenshot_time: 5
Targets

Target: '
Size: 1.3MB
MD5: 404d59c0647de843b9a4ed4ebcbc722e
SHA1: f763ae79a50f8c87d0dace8496222f71ee2ecc88
SHA256: 529302808b264932d6b154f2b9ad513760c1381666068815d951a93607bd3023
SHA512: e9e8ae328007564c470f145884f5eb77e5403ff8e5ae8fb1f3bad9993d1101ea3fddf2ccd802dade28dbb5a06625c429bdc88a90871a06f0ef623cd1243f282c
SSDEEP: 24576:4IOBuXvG1oqgrMLQRapGepGrHQZFuAz320w0VD0kRw6IFinc:4IOwXuwiEoGjQZFuAz33w0uric
Score: 3/10

Target: winrm.vbs
Size: 326KB
MD5: 843d3a4a6784696065ecf33225c23f1c
SHA1: cb5c9317c63fda80da0df5f179635f400db74d4f
SHA256: 168820068666c7236a2e1865531cfbf548d797affbd66839285ef1a853e36e1c
SHA512: fbaf49977fc249b8457becd818fe8d257a062535eb5b168294de87e8f22740ee31c49f99f14234aed8f8e7577ac3542a70b8186b28dd9e00d9fc79c9ca7030a6
SSDEEP: 6144:/+Dm82dSi0ukP91lF1UflGsZcfAkYrG12XMYUcMk3:mDmCklacMy
Score: 10/10

Signatures:
  Checks computer location settings
    Looks up country code configured in the registry, likely geofence.
  Deletes itself
  Drops startup file
  Loads dropped DLL
  Registers COM server for autorun
  Suspicious use of SetThreadContext