General
- Target: b9b5828c12ceae56bbb1ce6e44544a0597221cc786e1b0d7f8ffcd845a6ae3b0
- Size: 3.6MB
- Sample: 240418-z4nr7sgc3w
- MD5: 1eb3a82293aaebf5b153985df3a2c9a0
- SHA1: 69aef7cbc1f0e2a81842f918231eadb526764edc
- SHA256: b9b5828c12ceae56bbb1ce6e44544a0597221cc786e1b0d7f8ffcd845a6ae3b0
- SHA512: b18c9856e601df9f5aa6d0948f2cc2f466d8b4f899e811002291785174d9a8c130893c9064a065006ac6e09a4595e37d394af5b92125e95eef720f45474543a9
- SSDEEP: 98304:wpJXsOfEi+BfR7PbdqaJs6SXH3Fe31cOdN:8bDuBYxXH3Fe31cOdN
Static task
- static1
Behavioral task
- behavioral1 (Sample: b9b5828c12ceae56bbb1ce6e44544a0597221cc786e1b0d7f8ffcd845a6ae3b0.exe; Resource: win7-20240221-en)
- behavioral2 (Sample: b9b5828c12ceae56bbb1ce6e44544a0597221cc786e1b0d7f8ffcd845a6ae3b0.exe; Resource: win10v2004-20240226-en)
Malware Config
Extracted
- Family: remcos
- Botnet: ARMAS
- C2: rfglnlsdknflsdnfldsns.con-ip.com:1997
- audio_folder: MicRecords
- audio_record_time: 5
- connect_delay: 0
- connect_interval: 1
- copy_file: remcos.exe
- copy_folder: Remcos
- delete_file: false
- hide_file: false
- hide_keylog_file: false
- install_flag: false
- keylog_crypt: false
- keylog_file: logs.dat
- keylog_flag: false
- keylog_folder: remcos
- mouse_option: false
- mutex: Rmc-4YZJPX
- screenshot_crypt: false
- screenshot_flag: false
- screenshot_folder: Screenshots
- screenshot_path: %AppData%
- screenshot_time: 10
- take_screenshot_option: false
- take_screenshot_time: 5
Targets
Score: 10/10
- Adds Run key to start application
- Suspicious use of NtCreateThreadExHideFromDebugger