General
-
Target
f7e3d03490fce2e39245c55eedf2339a6b9d91f15e454df30445dfce8682a92b
-
Size
265KB
-
Sample
240417-rcmrtsah89
-
MD5
63e0f9ac64b4cc47747497497a3fc72f
-
SHA1
f06631c3917e4128616aea9acfd5c443df8e4b29
-
SHA256
f7e3d03490fce2e39245c55eedf2339a6b9d91f15e454df30445dfce8682a92b
-
SHA512
348894f4c4d1b28672d4ecd7402e1af22d6c80ac33fd1acc30ede548e53992ef76d42f1cfb6138efebd4ea3966318521705a0ff260ccf2c77b308043b5973e96
-
SSDEEP
6144:7KU5+txXRyaR00ReuzphZAN7e/HMdCdlVZpe9hIutni:77CVVFzS8MdiTpihzw
Behavioral task
behavioral1
Sample
19ed174c6130af6c22e446b7d87d77c7005bb830c3a1c355a1f1caf7edb82b1a.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
19ed174c6130af6c22e446b7d87d77c7005bb830c3a1c355a1f1caf7edb82b1a.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
remcos
MONDAY WITHOUT TLS
192.3.216.140:52498
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-AYV8LI
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
Target
19ed174c6130af6c22e446b7d87d77c7005bb830c3a1c355a1f1caf7edb82b1a.exe
-
Size
482KB
-
MD5
3ad817a53df45721914ff93201460971
-
SHA1
a4696bc455f95aae9a48740e22bad16cca3f32e8
-
SHA256
19ed174c6130af6c22e446b7d87d77c7005bb830c3a1c355a1f1caf7edb82b1a
-
SHA512
3c455deca8ff4dba1a5fb56181ebf4c427a7a4b8d6892fb0f6b987ef19be13874b09b704971656c49e2c0ba3d1229ed7aa176b55c0deff9c166d59a9cfe36949
-
SSDEEP
6144:0XIktXfM8Lv86r9uVWAa2je4Z5zl4hgDHQQs4NTQjoHFsAOZZDAXYcNp5Gv:0X7tPMK8ctGe4Dzl4h2QnuPs/ZD4cv
Score
8/10
-
Sets service image path in registry
-