General
-
Target
dfe6514d51d5b43c46230cc039418749de173cefaf075b6e4bf096688c7791c5
-
Size
909KB
-
Sample
240417-rz89cadh3y
-
MD5
70eacb9f858b85af13db1601796f5d6f
-
SHA1
cc29a6af87cb592897ec0eec6d1b24da851bc4f9
-
SHA256
dfe6514d51d5b43c46230cc039418749de173cefaf075b6e4bf096688c7791c5
-
SHA512
a52092aac8815a7f30d177ee5f2c124b4112cd5d3ac37b89df644f23900ee03d6915d06b4715fae060f774e64b3d5b8aaa331433bce516d9cc03eebdf5cff4f6
-
SSDEEP
24576:hHCK0iS1zLPGddCRff5sM1luhUHoyXnOMHt9WlHC+v:NCKevG8JfCMoUHBXnklHCy
Static task
static1
Behavioral task
behavioral1
Sample
d5bc991d8b0e51e45a1b9b9baa71dda7f7dfd8e769e3a641d0cda1077bd01b04.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
d5bc991d8b0e51e45a1b9b9baa71dda7f7dfd8e769e3a641d0cda1077bd01b04.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
remcos
DESK
198.27.121.194:2024
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-EQJXDT
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
d5bc991d8b0e51e45a1b9b9baa71dda7f7dfd8e769e3a641d0cda1077bd01b04.exe
-
Size
989KB
-
MD5
7e2567feb06347258efd3722683a8cee
-
SHA1
f9d174070758ad9bafb3598f24495d47ecee936d
-
SHA256
d5bc991d8b0e51e45a1b9b9baa71dda7f7dfd8e769e3a641d0cda1077bd01b04
-
SHA512
6e2d804b45b81ddb42590ce2ee8fc82553906d75fff1091712fa36cada76b236a6c47cd2ad54d3efeb6c056a9be0478ba1f35ec543bbc777917b46ea263f2375
-
SSDEEP
24576:KMr8bshYpK2r0L05CQAeqKML9eT9qrTInWKraA:zwbYtL05lAeHMLstNr
-
Suspicious use of SetThreadContext
-