General
-
Target
283fd9269a10ccbdff570c87ca0739b53f9b1cfb65309647bb6370ac3bddf5ec
-
Size
765KB
-
Sample
240417-q1geaabf9y
-
MD5
ea11b6f140a028c4e7269838f7d0222f
-
SHA1
4226d136df72b818d894058ee916d966280986d3
-
SHA256
283fd9269a10ccbdff570c87ca0739b53f9b1cfb65309647bb6370ac3bddf5ec
-
SHA512
b06014f16ef01237dbac932d5837d3bef5a5567d504b4aa194c32c206388b39774313a661c2ca527dcf155c13ac3b98019fa515f7eaf0545fc5731901ace8d9d
-
SSDEEP
12288:R/9U2AJ6oPfNTjeJ281VV3oCUVS/eTAb5NggFC33nfwvmP0TOer8mrVH/x:R/hAJ6QN+wACv0Fb5NggFgSmP0TOG8m7
Static task
static1
Behavioral task
behavioral1
Sample
f2fe3aa0d244d7f17610042ee41aaa3eff40b1a349b43f317ff92f6ec5b7608e.exe
Resource
win7-20240215-en
Malware Config
Extracted
remcos
Admepc
darkotemplar.sytes.net:1999
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
admepc.exe
-
copy_folder
Admepc
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
admepc
-
mouse_option
false
-
mutex
Rmc-SETMPC
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
f2fe3aa0d244d7f17610042ee41aaa3eff40b1a349b43f317ff92f6ec5b7608e.exe
-
Size
989KB
-
MD5
5d4a1543df1e7ee3ec6393b7f2e9435c
-
SHA1
f57d0fbb8a3c5f96486b87bfeb56c9ee140faca9
-
SHA256
f2fe3aa0d244d7f17610042ee41aaa3eff40b1a349b43f317ff92f6ec5b7608e
-
SHA512
7e56907cc86e423bab6bc02661ca8ba7787ed5fe412a226a326a97ed115c3b9da03f2ef6ec603fcb6f2b561be31487ec252d337c68791079b0ffe85e03312e78
-
SSDEEP
12288:ppahc5Gs5eiBq7rdlsOkbSFRUx4rbFY4Qo/g7bmGhiqZr8JqkOMbpceiLz1dl:pZci87Hs5bRkQommGQKJWpBiZ
-
Suspicious use of SetThreadContext
-