General
-
Target
37275bc26ea455588740f1bfacd3a9a9a96e7340490439ade8424926fcb1e0be
-
Size
854KB
-
Sample
240417-p4ppdshe5s
-
MD5
f1c399e98baec35dca8f09654e50d483
-
SHA1
a71aa7b3a1136dfe6351df4116159df7a1ab74a4
-
SHA256
37275bc26ea455588740f1bfacd3a9a9a96e7340490439ade8424926fcb1e0be
-
SHA512
ba70205b047bad2b462fd6e9938b1b7af50bed8ea0715230207eb0c70796a97b8af325c40596500928e494cecc7e217426bfa60c47d590ba39cac731934af685
-
SSDEEP
24576:lBFJciPbS834Rs8AYmI82XhqH5qRvGbk1Bya:lB8ebt3BxZI82XWqRebk1Bya
Static task
static1
Behavioral task
behavioral1
Sample
fb45724dc0b047d9a4134b5733320b6e31ebd3c76cbca1353b8b03891f058a43.exe
Resource
win7-20231129-en
Malware Config
Extracted
remcos
6356373
windows6254uma.duckdns.org:3687
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
263553-FMC1KA
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
Remcos
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
fb45724dc0b047d9a4134b5733320b6e31ebd3c76cbca1353b8b03891f058a43.exe
-
Size
881KB
-
MD5
1ee60007a0e502f0c09058c0df156e75
-
SHA1
15f47f3e684f7d61f5749818b0e72fc2078f1f6b
-
SHA256
fb45724dc0b047d9a4134b5733320b6e31ebd3c76cbca1353b8b03891f058a43
-
SHA512
5d1402f4aea92f4e12472e48e82dba82299791d16afcb27cce714a9bf29b2805a05191b9f8eed459441e3648ecd913315fb28da26e5fd871585fac3972bb95a1
-
SSDEEP
12288:S9eCJeOLCCNI7lTcGqGZfwWdUZka9IC1VbC0xYB1YY2AiUOOTD18TJYDzS57T+b1:SxLVI7pcGVwWd1zB+8OTJS9v
-
Suspicious use of SetThreadContext
-