General
Target: a63a455053dc647a6ed1d8ecf2d07cadd4d21ec80f9ded05367cfd1bf45ea5f7
Size: 850KB
Sample: 240417-qq8qsaba9t
MD5: 2eb70edfc68ccf80df38406111758529
SHA1: 768e39a6bdf6d6e43b1e30bf13ed6f929cbe879a
SHA256: a63a455053dc647a6ed1d8ecf2d07cadd4d21ec80f9ded05367cfd1bf45ea5f7
SHA512: a0378f6f8332900faab5f7d4aaa5ccb7cf742fc6df4eed4b7d0fdffd8d6ff2488e55d67e2a807ae4e68190dbcabc56606be937be65d675b4b1371e9064eb809d
SSDEEP: 24576:1wOt9J2GIdNRbXJRTHdYsB5Z9NtEhXJbBRL48tXP:+O2HdnjbR9DdEVJtpz/
Static task: static1
Behavioral task: behavioral1
Sample: dbbaa8a3f350fc9ee75bc0d81c0ae4be1f0e53e62765900fac80f9f7ec541176.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: dbbaa8a3f350fc9ee75bc0d81c0ae4be1f0e53e62765900fac80f9f7ec541176.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted: remcos
NEW LOGS
107.150.18.202:2404
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Rmc-OZ63RB
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
take_screenshot_option: false
take_screenshot_time: 5
Targets
Target: dbbaa8a3f350fc9ee75bc0d81c0ae4be1f0e53e62765900fac80f9f7ec541176.exe
Size: 861KB
MD5: e7051ed29a0503d3cb5551de6dee0326
SHA1: a6f7ef215c2ceabfe67b98d3a463f296f4d1e6e4
SHA256: dbbaa8a3f350fc9ee75bc0d81c0ae4be1f0e53e62765900fac80f9f7ec541176
SHA512: 483a265b190774af141e81a8a550ac852594a4a2b11a51242d06efe6ebc6393f14a0ae23c9a119f64c7acc4984bf3386bf5bbc3455c0544e4533e3a873aa46dc
SSDEEP: 24576:RqPj0C+UdQ0+asWpOckHte7zMiHdElFqG165oeBhE:YPXLAgOVte7zMpC5TE
Score: 10/10
NirSoft MailPassView
Password recovery tool for various email clients
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
Nirsoft
Uses the VBS compiler for execution
Accesses Microsoft Outlook accounts
Suspicious use of SetThreadContext