General
- Target: 57f4fddeb180190439ddfeb3d6224fdeeaec2a7c2789d32571c1a1c5643e247f
- Size: 865KB
- Sample: 240417-p4832aga59
- MD5: 618b19ac8e5d7acaabfaefce7c376843
- SHA1: a991b88e7957baf603c89b07a6ccecc3e2ecf0a6
- SHA256: 57f4fddeb180190439ddfeb3d6224fdeeaec2a7c2789d32571c1a1c5643e247f
- SHA512: f36deea7c978ddc5aeea8ad5386196ae63d91d73d04be043391b04294aaf7c90ca5265a189698b0904b7a57a7b4bf9a824930e044042d195130aeff6bd2774b1
- SSDEEP: 24576:UmN3Vz9oDIzfFjHLKMIazj4bB0Xf463aRLs+:JF9oafFKMxuKV8
Static task
- static1

Behavioral task
- behavioral1
- Sample: 2e368631139e75aa6cce30aef3ccdfe59dc2131a7f5166fa5b0e36c969eb5ada.exe
- Resource: win7-20240221-en
Malware Config
Extracted: remcos
- Botnet ID: BUDDY
- C2: 192.210.201.57:52499
- audio_folder: MicRecords
- audio_record_time: 5
- connect_delay: 0
- connect_interval: 1
- copy_file: remcos.exe
- copy_folder: Remcos
- delete_file: false
- hide_file: false
- hide_keylog_file: false
- install_flag: false
- keylog_crypt: false
- keylog_file: logs.dat
- keylog_flag: false
- keylog_folder: remcos
- mouse_option: false
- mutex: Rmc-LMLI87
- screenshot_crypt: false
- screenshot_flag: false
- screenshot_folder: Screenshots
- screenshot_path: %AppData%
- screenshot_time: 10
- take_screenshot_option: false
- take_screenshot_time: 5
Targets
- Target: 2e368631139e75aa6cce30aef3ccdfe59dc2131a7f5166fa5b0e36c969eb5ada.exe
- Size: 888KB
- MD5: 215dc8f3f75f1d67d9b6fcec09cb4d00
- SHA1: b78ba4e1350b1173b1a2457209993f439fa7e199
- SHA256: 2e368631139e75aa6cce30aef3ccdfe59dc2131a7f5166fa5b0e36c969eb5ada
- SHA512: 2a094dd055eedbe761e7da1b7eb44e1a4da04eb79a44bbb7b003a6bc31dadd90deb9cee2e101e55dfba72a700681557cc032547e8bea40f6c0bec2fd418e2ede
- SSDEEP: 24576:R6SNOGucnCSGYVWX54fKQ7ov6pASCDvHKfpket/0Ms20:kyOPE4WoTQa6pA97HqeeC
Signatures
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Accesses Microsoft Outlook accounts
- Suspicious use of SetThreadContext