General
Target: 17122153850e49c0cfb850fba174cf16707d6542d13cef87fc72c790ae00b3df54faaaaed9126.dat-decod
Size: 483KB
Sample: 240404-h8m8sshh23
MD5: c16b61d355597e973962354a54d9105a
SHA1: 418f9f2d76cc53b40f6f7321f93bff947af7a699
SHA256: a1f0f4676e135cc88ab8b6a25c70530fa193b1718bd2ba7b6ac1c997c241f6c8
SHA512: 9e4ede43e4cce4a0312cb52a795bf04bf75b7f5c8dfd837f47d86968db11febc92434d1aa71d88e785d3e99e12a99d997ce0edc9061fe2b380f82d03f7c7071e
SSDEEP: 6144:aXIktXfM8Lv86r9uVWAa2je4Z5zl4hgDHQQs4NTQjoHFsAOZZDAXYcNH5Gv:aX7tPMK8ctGe4Dzl4h2QnuPs/ZDicv
Behavioral task: behavioral1
Sample: 17122153850e49c0cfb850fba174cf16707d6542d13cef87fc72c790ae00b3df54faaaaed9126.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 17122153850e49c0cfb850fba174cf16707d6542d13cef87fc72c790ae00b3df54faaaaed9126.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted: remcos
RemoteHost: jansuri.kozow.com:7232
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Rmc-3XBWOL
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
take_screenshot_option: false
take_screenshot_time: 5
Targets
Target: 17122153850e49c0cfb850fba174cf16707d6542d13cef87fc72c790ae00b3df54faaaaed9126.dat-decod
Size: 483KB
MD5: c16b61d355597e973962354a54d9105a
SHA1: 418f9f2d76cc53b40f6f7321f93bff947af7a699
SHA256: a1f0f4676e135cc88ab8b6a25c70530fa193b1718bd2ba7b6ac1c997c241f6c8
SHA512: 9e4ede43e4cce4a0312cb52a795bf04bf75b7f5c8dfd837f47d86968db11febc92434d1aa71d88e785d3e99e12a99d997ce0edc9061fe2b380f82d03f7c7071e
SSDEEP: 6144:aXIktXfM8Lv86r9uVWAa2je4Z5zl4hgDHQQs4NTQjoHFsAOZZDAXYcNH5Gv:aX7tPMK8ctGe4Dzl4h2QnuPs/ZDicv
Score: 10/10

Signatures
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Accesses Microsoft Outlook accounts
- Suspicious use of SetThreadContext