General
-
Target
86501b9b040efe6e4e14f4cc59f5a3de7f271a1843067c5f88b28732506e5871
-
Size
228KB
-
Sample
240417-saqldaee7x
-
MD5
fdd5e4a6cfb853cd2151cfc7da171204
-
SHA1
4f9a2b364901bd1532d341e4fec81fe4e2b7e39a
-
SHA256
86501b9b040efe6e4e14f4cc59f5a3de7f271a1843067c5f88b28732506e5871
-
SHA512
5b22bcb559e9cc57475d767360fd3a99f80363ac08c67afdc033d0dfb133c7915d8545be405bce0f8c2b2ac934a3a4d351c01ef73df5d33186f8450e3658ff87
-
SSDEEP
6144:M5miD9g8k7l+Z+RBxXDy1GHjo0PIx9Odj5:shql+ZEBxXDy1ujt49Odj5
Static task
static1
Behavioral task
behavioral1
Sample
59cfbef2d28f5f8df3c98d8525acf710bbad31e3bed87ccb6d8c3d9f5a9d8fe4.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
59cfbef2d28f5f8df3c98d8525acf710bbad31e3bed87ccb6d8c3d9f5a9d8fe4.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20240226-en
Malware Config
Extracted
remcos
RemoteHost
194.147.140.205:4040
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-RJDWXW
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
59cfbef2d28f5f8df3c98d8525acf710bbad31e3bed87ccb6d8c3d9f5a9d8fe4.exe
-
Size
242KB
-
MD5
4e4bc21a1c1a34037e44db52a50086d5
-
SHA1
1419003d268ef43d3128c11f92e9533793b07320
-
SHA256
59cfbef2d28f5f8df3c98d8525acf710bbad31e3bed87ccb6d8c3d9f5a9d8fe4
-
SHA512
2ee099ce340f23a535726a4310d0e40fabd23e3e4ded625fe4fc18ea2cda3c6346d28a14f91c73f01161d572e30090de124ca32e05265ce387dc737869db27a0
-
SSDEEP
6144:jmGIhq8Q9AiAaK1Ga4my15stpehMPoCYRZ5oXuc81/L:qu8xpQm/abCMZcuc81T
Score10/10-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
0d7ad4f45dc6f5aa87f606d0331c6901
-
SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457
-
SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
-
SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
-
SSDEEP
192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score3/10 -
-
-
Target
$PLUGINSDIR/nsExec.dll
-
Size
6KB
-
MD5
ec0504e6b8a11d5aad43b296beeb84b2
-
SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c
-
SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962
-
SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57
-
SSDEEP
96:YjHFiKaoggCtJzTlKXb0tbo68qD853Ns7GgmkNq3m+s:JbogRtJzTlNR8qD85uGgmkNr
Score3/10 -