General
Target: CHEMICAL LIST.Tar
Size: 911KB
Sample: 240418-kx3v8age99
MD5: cb501eb5647656b4dcafcb8dc163c53d
SHA1: c5749c20adb0948b4f3c839f087e526180bb4f8c
SHA256: 2c9f028eba1a74849a9b52b5e8901488a79299f84fe6b76173b2ff8d1c1ba452
SHA512: 2e67d9174e4528515d58392875799c8358108a65ee5ed834713785553472e849c2c8f8500f47a6127e3777d91825720e63d990b685233537348542cdd6c349ce
SSDEEP: 24576:7iwipAVthNpeXz0HZf/dcgxdq1bgi15rliio36ebf:7ipAHByy11cgbqFHXQBf
Static task: static1
Behavioral task: behavioral1
Sample: CHEMICAL LIST.exe
Resource: win10-20240404-en
Malware Config
Extracted
remcos
JONS
172.245.208.13:4445
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Rmc-R7QS5C
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
take_screenshot_option: false
take_screenshot_time: 5
Targets
Target: CHEMICAL LIST.exe
Size: 1.1MB
MD5: e5e37deeb7920cf1199eb50193f91de8
SHA1: 9d76b0e3ec399dbe44bedb34a9ecf277780ad22b
SHA256: 49fd8c11aea9a7f1f40a3dd3f7628e98eea7ce9b5bccce82ce1550cb236fab0c
SHA512: 5e94ca6ef4bfad5008da6a854f66942701a88b1d9098146cf08c6e4b8d8e3ebe83c5b568c686157d1e7701a56c738f9945efc00607ac141572b61f9f4215b9a2
SSDEEP: 24576:R+LZT1sZPl2IQPrgqbKH6cVWQDkmqcUUvsp9KhZZ:R+ZkSMqdZ65UpcZ
Score: 10/10
NirSoft MailPassView: Password recovery tool for various email clients
NirSoft WebBrowserPassView: Password recovery tool for various web browsers
Nirsoft
Executes dropped EXE
Accesses Microsoft Outlook accounts
Adds Run key to start application
Suspicious use of SetThreadContext