General
-
Target
0e9df52168fbecd2a55c82823d014c4259de65b17f508c7ffdd1f02c2e0bff67
-
Size
931KB
-
Sample
240417-rtbe5add9s
-
MD5
8614ec06a3e415b020abf3e84fe4f904
-
SHA1
6dd7bad8a9f2f6481e170e0ce1b353dac96c535a
-
SHA256
0e9df52168fbecd2a55c82823d014c4259de65b17f508c7ffdd1f02c2e0bff67
-
SHA512
592a13318077b64a765a6ac394cb8afe50928cb192931832c22ea09bef9441799335eb440dbb7f6a6b847b861b04cb50aa915418d95c723fda319ed7be43e934
-
SSDEEP
24576:YkTz35U9LIAli/kvy5I458MMYosU4soaZNoa4:Yk3y98AJanlU4KZyF
Static task
static1
Behavioral task
behavioral1
Sample
344301a6f73b73afd98c763519d52548b0ee3a76824d033712ddf3ec0115f549.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
344301a6f73b73afd98c763519d52548b0ee3a76824d033712ddf3ec0115f549.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
remcos
RemoteHost
paygateme.net:2286
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-BDTHCE
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
344301a6f73b73afd98c763519d52548b0ee3a76824d033712ddf3ec0115f549.exe
-
Size
966KB
-
MD5
1291a06a395fb852059a6ceb0e3eeb26
-
SHA1
d2817ad9ae07ebac664f4ecc73094847266592fe
-
SHA256
344301a6f73b73afd98c763519d52548b0ee3a76824d033712ddf3ec0115f549
-
SHA512
2523049d9fd6aaf796a8cef7f452379a9b875bfc047aae0bdf191f2c9eb5cb0825fb2cec2716e86834182d0c1380fd78a396bd31ad7e255d7bdfeebcf47fc21f
-
SSDEEP
24576:b1Dxc69WYtZlNj16hhTaQabNSXgOf5clRreL9f73Sz:b9xxrjshhTa1NOslRreL9+
Score10/10-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook accounts
-
Suspicious use of SetThreadContext
-