General
- Target: aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe
- Size: 1000KB
- Sample: 240410-dcgnxscc62
- MD5: 4cb03ed07925c43468569974c41b9325
- SHA1: 523e9b075323ae50036bf19b7f2e9615f97100d4
- SHA256: aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9
- SHA512: 547fde8610379ee2e7ebeca76a711b5adb6c696abb9deaace5e4ea225e40d37fa437bb563dbd9bc81a2053676d2fb2ae43e4270d695f5d9d0a7d8ebee23f9ba3
- SSDEEP: 24576:0o5K55ee/YuX1Gx7MH7V9mu/0ilqWe7LpjCSAv:V5qauX1s7Mh4u/0ilq7LXAv
Static task: static1
Behavioral task: behavioral1
Sample: aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe
Resource: win7-20240221-en
Malware Config
Extracted
remcos
BUDDY
192.210.201.57:52499
- audio_folder: MicRecords
- audio_record_time: 5
- connect_delay: 0
- connect_interval: 1
- copy_file: remcos.exe
- copy_folder: Remcos
- delete_file: false
- hide_file: false
- hide_keylog_file: false
- install_flag: false
- keylog_crypt: false
- keylog_file: logs.dat
- keylog_flag: false
- keylog_folder: remcos
- mouse_option: false
- mutex: Rmc-LMLI87
- screenshot_crypt: false
- screenshot_flag: false
- screenshot_folder: Screenshots
- screenshot_path: %AppData%
- screenshot_time: 10
- take_screenshot_option: false
- take_screenshot_time: 5
Targets
- Target: aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe
  - Size: 1000KB
  - MD5: 4cb03ed07925c43468569974c41b9325
  - SHA1: 523e9b075323ae50036bf19b7f2e9615f97100d4
  - SHA256: aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9
  - SHA512: 547fde8610379ee2e7ebeca76a711b5adb6c696abb9deaace5e4ea225e40d37fa437bb563dbd9bc81a2053676d2fb2ae43e4270d695f5d9d0a7d8ebee23f9ba3
  - SSDEEP: 24576:0o5K55ee/YuX1Gx7MH7V9mu/0ilqWe7LpjCSAv:V5qauX1s7Mh4u/0ilq7LXAv
  - Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
  - Detects executables packed with SmartAssembly
  - Suspicious use of SetThreadContext