General
-
Target
95b886994ac95993c029c32f1e580306e1aeb07e1ba9ddcfd20b6f93b0942d63
-
Size
36KB
-
Sample
240419-t7smnshd93
-
MD5
f15ba6083619a47fe4ee5ae3e8ca921e
-
SHA1
4970c3d98cec21192f77f98d2219d660616c9ca5
-
SHA256
95b886994ac95993c029c32f1e580306e1aeb07e1ba9ddcfd20b6f93b0942d63
-
SHA512
11bab3c3e1bb1d8e8f97796ff807bd7c68bd938a07fc60a391a162b9139c4c46f6c31c46ab51627a0660482dab94e8921e853f26a6b8179a85f2cb67daba8af5
-
SSDEEP
768:XpgqRP5JlAExWIhLu3O+xRUyMgdOUrES6gCKT4f31tzY6Zperu42RxTw:XpnRPTxXu3OARegHignMf1ts6ZwD
Static task
static1
Behavioral task
behavioral1
Sample
a32d57511ebc8b2c48fc43e2228b227bfb7eed8b34f9d55cdc9958de86bb64d9.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a32d57511ebc8b2c48fc43e2228b227bfb7eed8b34f9d55cdc9958de86bb64d9.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
remcos
RemoteHost
23.95.60.87:8823
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-SYIEJK
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
a32d57511ebc8b2c48fc43e2228b227bfb7eed8b34f9d55cdc9958de86bb64d9.exe
-
Size
72KB
-
MD5
1ebe49c58035c4521d998e998253260d
-
SHA1
7bde1b01007542cef137080ec42e4b2390d99a33
-
SHA256
a32d57511ebc8b2c48fc43e2228b227bfb7eed8b34f9d55cdc9958de86bb64d9
-
SHA512
dcd50aa0723041ad02509b9aac42b977abc083953158cd84cc8a101f2cc0885304f5a934164826b5a0c319ff0d5210d8833e9d7b7b6c1ad5b63a973e4eae7804
-
SSDEEP
768:tiyTdqssLTzWlSrky5qimuGdk2mxXl9fmNNS9VWzIzlBaCAWGiLFTsaBD0pdXRNv:GU0fWzOl5ZTsaBD054S5+cnl
Score10/10-
Suspicious use of SetThreadContext
-