General
Target: 167bca86a52908d6e2fb1b0bdca3df8d.rtf
Size: 63KB
Sample: 240321-wfqecaff5s
MD5: 167bca86a52908d6e2fb1b0bdca3df8d
SHA1: ae057c97cd78b0b8ebb6f30165f3ad35d909a49e
SHA256: 6dc8b0704d81ec66a87736345539e4ee1d6f13ca15842e20eb0f9d7f3a8230c8
SHA512: 7833bcc39051ac084e94653e201765a5863c6954216797b95a1f62edb9ae6db4a7f76efb19014a8e841fcf612115aed7ed1d16bfe2e47ee1fdca56aada5f7098
SSDEEP: 1536:vp0WXH6OmFGjtz95gK9g4kMcYvZ8GVTcJqtmJMYs10JVPfI70wgLYFriNBY7A2sh:BTH6OmFGjtz95gK9g4JvZ8E6qtSMYvP/
Static task: static1
Behavioral task: behavioral1
  Sample: 167bca86a52908d6e2fb1b0bdca3df8d.rtf
  Resource: win7-20240319-en
Behavioral task: behavioral2
  Sample: 167bca86a52908d6e2fb1b0bdca3df8d.rtf
  Resource: win10v2004-20240226-en
Malware Config
Extracted: remcos
RemoteHost: shgoini.com:30902
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Rmc-7XHN5V
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
take_screenshot_option: false
take_screenshot_time: 5
Targets
Target: 167bca86a52908d6e2fb1b0bdca3df8d.rtf
Size: 63KB
MD5: 167bca86a52908d6e2fb1b0bdca3df8d
SHA1: ae057c97cd78b0b8ebb6f30165f3ad35d909a49e
SHA256: 6dc8b0704d81ec66a87736345539e4ee1d6f13ca15842e20eb0f9d7f3a8230c8
SHA512: 7833bcc39051ac084e94653e201765a5863c6954216797b95a1f62edb9ae6db4a7f76efb19014a8e841fcf612115aed7ed1d16bfe2e47ee1fdca56aada5f7098
SSDEEP: 1536:vp0WXH6OmFGjtz95gK9g4kMcYvZ8GVTcJqtmJMYs10JVPfI70wgLYFriNBY7A2sh:BTH6OmFGjtz95gK9g4JvZ8E6qtSMYvP/
Score: 10/10
- Blocklisted process makes network request
- Downloads MZ/PE file
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext