General
-
Target
028be5788093b28cb81278a235abe328ece0264fbcec09e599e9251f0a87e562
-
Size
893KB
-
Sample
240417-rvyxtade81
-
MD5
62405c5a2161f4598fe0fe3341ec276d
-
SHA1
93311d2e55f23499045ee219817275e8ab9b7c22
-
SHA256
028be5788093b28cb81278a235abe328ece0264fbcec09e599e9251f0a87e562
-
SHA512
4a136b73214ea0641d65e0f2af930bae3b1482c76fc24c9f50df57f96b810b664c5d7c418e33e28efc026fd128bd58ef25678f460156fe00df410e147c917580
-
SSDEEP
12288:eXrU4CWVDl7CSl/CNGtcnBm5C3WQJEYMd0gABNcI4Ynu0TaTtPRO7vHnFHE5pR76:egSblKAl54JEYMdWtnZTSt+vHnBE5PK1
Static task
static1
Behavioral task
behavioral1
Sample
839be5e2a653b3fbd43370403d066b16e4dd22d867997b5156de621f44bf072b.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
839be5e2a653b3fbd43370403d066b16e4dd22d867997b5156de621f44bf072b.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
remcos
RemoteHost
paygateme.net:2286
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-BDTHCE
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
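The extracted configuration above is the most actionable part of this report: it names the C2 endpoint, the mutex, the on-disk names the build would use, and which optional capabilities the operator enabled. The script below is an added example, not part of the sandbox report or of Remcos itself. It embeds the report's "Malware Config" block verbatim, parses it (assumed layout: family name on the first line, then key/value pairs separated by "-" lines), derives hunting indicators, and lists the flags that are actually enabled. The relative copy and keylog paths are my own joins of the config fields; the base directory Remcos installs into is not given in this config, so they are names to search for, not full paths.

```python
"""Parse a flattened Remcos sandbox config block into hunting indicators.

Added example, not code from the sandbox report. REPORT_CONFIG below is the
report's "Malware Config" section copied as-is, with one report line per
"\n"-separated entry (assumption: family name first, then key / value / "-").
"""
from typing import Dict, List, Tuple

REPORT_CONFIG = (
    "remcos\n"
    "RemoteHost\npaygateme.net:2286\n-\n"
    "audio_folder\nMicRecords\n-\naudio_record_time\n5\n-\n"
    "connect_delay\n0\n-\nconnect_interval\n1\n-\n"
    "copy_file\nremcos.exe\n-\ncopy_folder\nRemcos\n-\n"
    "delete_file\nfalse\n-\nhide_file\nfalse\n-\nhide_keylog_file\nfalse\n-\n"
    "install_flag\nfalse\n-\nkeylog_crypt\nfalse\n-\nkeylog_file\nlogs.dat\n-\n"
    "keylog_flag\nfalse\n-\nkeylog_folder\nremcos\n-\nmouse_option\nfalse\n-\n"
    "mutex\nRmc-BDTHCE\n-\nscreenshot_crypt\nfalse\n-\nscreenshot_flag\nfalse\n-\n"
    "screenshot_folder\nScreenshots\n-\nscreenshot_path\n%AppData%\n-\n"
    "screenshot_time\n10\n-\ntake_screenshot_option\nfalse\n-\n"
    "take_screenshot_time\n5\n"
)


def parse_report_config(text: str) -> Tuple[str, Dict[str, str]]:
    """Return (family, {key: value}) from the flattened key/value/'-' layout."""
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and ln != "-"]   # drop blanks and separators
    family, fields = lines[0], lines[1:]
    if len(fields) % 2:
        raise ValueError("config block has a key without a value")
    cfg = {fields[i]: fields[i + 1] for i in range(0, len(fields), 2)}
    return family, cfg


def derive_iocs(cfg: Dict[str, str]) -> Dict[str, object]:
    """Turn raw config fields into indicators an analyst would hunt on."""
    # RemoteHost is host:port; rpartition keeps IPv6-style hosts intact.
    host, _, port = cfg["RemoteHost"].rpartition(":")
    # Every true/false field is an operator-selectable capability.
    flags = {k: v.lower() == "true" for k, v in cfg.items()
             if v.lower() in ("true", "false")}
    return {
        "c2": [(host, int(port))],
        "mutex": cfg.get("mutex"),
        # Relative names only: the install base directory is not in this config.
        "copy_target": cfg["copy_folder"] + "\\" + cfg["copy_file"],
        "keylog_target": cfg["keylog_folder"] + "\\" + cfg["keylog_file"],
        "screenshot_dir": cfg["screenshot_path"] + "\\" + cfg["screenshot_folder"],
        "beacon_interval_s": int(cfg["connect_interval"]),
        "enabled_flags": sorted(k for k, on in flags.items() if on),
        "persistent_copy": flags.get("install_flag", False),
    }


def hunt_terms(iocs: Dict[str, object]) -> List[str]:
    """Flat list of strings to grep for in proxy, DNS, EDR and file telemetry."""
    terms = {iocs["mutex"]}
    for host, port in iocs["c2"]:
        terms.add(host)
        terms.add(f"{host}:{port}")
    for key in ("copy_target", "keylog_target"):
        terms.add(str(iocs[key]).rsplit("\\", 1)[-1])   # bare file name
    return sorted(t for t in terms if t)


if __name__ == "__main__":
    import json
    family, cfg = parse_report_config(REPORT_CONFIG)
    iocs = derive_iocs(cfg)
    print(family)
    print(json.dumps(iocs, indent=2))
    print(hunt_terms(iocs))
```

Read against this sample, the output shows that every optional flag is false: the build would beacon to paygateme.net:2286 every second (connect_interval 1, connect_delay 0) but would not install a persistent copy, keylog or take screenshots unless the operator enables those remotely. Hunting for this build should therefore start with the network indicator and the mutex rather than with the file names.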
Targets
-
-
Target
839be5e2a653b3fbd43370403d066b16e4dd22d867997b5156de621f44bf072b.exe
-
Size
984KB
-
MD5
3f6158f27ef80630313026f52cac93f4
-
SHA1
ba374eb42010c5cf44fdc259983dc44442cb0753
-
SHA256
839be5e2a653b3fbd43370403d066b16e4dd22d867997b5156de621f44bf072b
-
SHA512
7ce1b216d055a6ae8491d93fab07502646b1a1939e2796005005875405e65ae5a2d97fc7607690ba2d38683678d22206529ad57d26c243e76c695da5b67faaf0
-
SSDEEP
24576:4Nxc5Gjn6R/TiWtnTS65ox40AjuCDLym06vQvyi3B:CxfjnkOYJ5cbuLyZ9
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check that decides whether to run on this host.
-
Accesses Microsoft Outlook accounts
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
Commonly seen when a process writes a payload into a suspended child process and redirects its thread to it (process hollowing); check whether the hollowed process is a signed Windows binary.
-