General
Target: af53ec8ba243eb098f419b1ed8a99e98c4528a6ab88c32b0f1ae1c28667c3f0a
Size: 910KB
Sample: 240417-pmy7hagc9x
MD5: 2bf8775ff65ad929d1fd07741d75c803
SHA1: 016b3804176c251e8ab7f2e4d1acb81fa1c1b694
SHA256: af53ec8ba243eb098f419b1ed8a99e98c4528a6ab88c32b0f1ae1c28667c3f0a
SHA512: 69eb5d962dbca767af7cf8ffa6e1a5802b216648f990fc41558ab60f6e97320d5c2c2564ad664f3d43b16cb5c577cde1029716b723c16129f2b51a8504f22e80
SSDEEP: 24576:YWEzCtDKD5mM0RorWl8CXoY6GLg19VSFV8r:ozCVQz8l85nGkVSF2r
Static task: static1
Behavioral task: behavioral1
Sample: f5d0cc0b20705f516fd4b613c5e10473dd6a49aff8f9a03db004e6e8b80f46d2.exe
Resource: win7-20240221-en
Malware Config
Extracted
Family: remcos
Botnet: BUDDY
C2: 192.210.201.57:52499
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Rmc-LMLI87
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
take_screenshot_option: false
take_screenshot_time: 5
Targets
Target: f5d0cc0b20705f516fd4b613c5e10473dd6a49aff8f9a03db004e6e8b80f46d2.exe
Size: 967KB
MD5: 6d53853d0d56802e6ad845407f61eee7
SHA1: 3cfb6e47d65afb417444d23908e28163ab83a341
SHA256: f5d0cc0b20705f516fd4b613c5e10473dd6a49aff8f9a03db004e6e8b80f46d2
SHA512: 20279d70d086aec743a7c6df92384fe5100e4a9e9f7cb710ac3c947b2a36a0a3b307638a0f3dfcd93cf26ba2172db1d546ffa311939ebc28c5b3988d0b6b00e5
SSDEEP: 24576:Zo5Cx4T0Nq036gAfCwpOypJ4k4ZS3yWw:C5Cx4QN/OCypJ4ZZSCWw

Signatures
- NirSoft MailPassView: password recovery tool for various email clients
- NirSoft WebBrowserPassView: password recovery tool for various web browsers
- Nirsoft
- Accesses Microsoft Outlook accounts
- Suspicious use of SetThreadContext