General
Target: c5YXaP80M6975Ej.exe
Size: 891KB
Sample: 240323-jeej8sef42
MD5: 52f0f8c78caa712137ac2f2528738b75
SHA1: 73cb280eb0ae2d807b9a7a928ab4634d7376a0ed
SHA256: a25bdcab7a38affd0798e5d674341724726c866e7cd7348b3d75bdb47ccca230
SHA512: 25a37723954cb765dab04b03837e792990a63d6fe752f354b24c7b78e601cd4cab3e0e1c53ecec633e7bcc7d6a72e105036d12a6bd607d080a6e7d4e47385446
SSDEEP: 24576:ewB6NgL6qamjlzHxdOGzX74iJ2RqYYjfogCPm3:V6OLPaMrxd374iJxa
Static task: static1
Behavioral task: behavioral1
Sample: c5YXaP80M6975Ej.exe
Resource: win7-20240221-en
Malware Config
Extracted: remcos
Host: 37.120.235.114:2269
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Rmc-FCA9SV
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
take_screenshot_option: false
take_screenshot_time: 5
Targets
Target: c5YXaP80M6975Ej.exe
Size: 891KB
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Suspicious use of SetThreadContext