General

Target: z1PROOFOFPAYMENT.exe
Size: 963KB
Sample: 240422-thxv4add2s
MD5: 3b8dd99d65b19a84a276a05804005790
SHA1: c300f31e8e67b4bd92504b94d5d2294b0f8ef5cb
SHA256: efbde8c3fc0f8f18b6b2c93fae4c7aaaa137f866a9d112ebdc534b8477485261
SHA512: 6c15f448fdbe5cd63fcb010aae0aa253f9a9702d1edf7527ab73917896fd83b9f5bbd25f8494deabf7c612f7cf3448115f4f9925beaedf395e534158fb630bb5
SSDEEP: 24576:uC8wC9aeW7T4WfjBrAodA0bbwkTQ8NmCQN0iiLX:uCG9+FvbzaCQ1

Static task: static1

Behavioral task: behavioral1
Sample: z1PROOFOFPAYMENT.exe
Resource: win7-20240221-en
Malware Config

Extracted family: remcos

STHost: 89.249.73.162:2479
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Rmc-TH3UQH
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
take_screenshot_option: false
take_screenshot_time: 5

STHost is the configured command-and-control address and port. In this build the install_flag, keylog_flag and screenshot_flag values are all false, so the copy_folder/copy_file, keylog and screenshot artifacts listed here are what the operator could enable rather than what this configuration turns on; the C2 address and the mutex name are the most reliable indicators from this extraction.
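The extracted configuration above is a ready-made indicator set. The following Python is an example added for this page, not part of the sandbox report or of any Remcos tooling: it turns the configuration fields into C2, mutex and file-path indicators and runs them over a few constructed telemetry lines. It assumes that copy_folder and keylog_folder resolve under %AppData% (as screenshot_path does), and that a ';'-separated STHost value would hold several C2 entries; both assumptions, and the sample events, are marked in the code.

```python
"""Derive hunt indicators from the Remcos configuration shown above and
match them against host and network telemetry.

Example code added for this page; not part of the sandbox report or of any
Remcos tooling.  The log line formats, the sample events and the assumption
that copy_folder / keylog_folder live under %AppData% are constructed for
illustration.
"""
import re
from dataclasses import dataclass

# Values copied from the extracted configuration above.
REMCOS_CONFIG = {
    "STHost": "89.249.73.162:2479",
    "copy_folder": "Remcos",
    "copy_file": "remcos.exe",
    "mutex": "Rmc-TH3UQH",
    "keylog_folder": "remcos",
    "keylog_file": "logs.dat",
    "screenshot_folder": "Screenshots",
    "audio_folder": "MicRecords",
    "install_flag": "false",
    "keylog_flag": "false",
    "screenshot_flag": "false",
}


@dataclass(frozen=True)
class Iocs:
    c2: frozenset            # (host, port) pairs
    mutexes: frozenset       # mutex names
    appdata_paths: frozenset # lowercase paths relative to %AppData%
    disabled: tuple          # features the config turns off (lower-confidence artifacts)


HOST_PORT = re.compile(r"^(?P<host>[^:\s]+):(?P<port>\d{1,5})$")


def _rel(*parts):
    """Join path components Windows-style and lowercase them for comparison."""
    return "\\".join(parts).lower()


def build_iocs(cfg):
    c2 = set()
    for entry in cfg["STHost"].split(";"):  # ';'-separated multi-C2 list is an assumption
        m = HOST_PORT.match(entry.strip())
        if not m:
            raise ValueError(f"unparseable C2 entry: {entry!r}")
        c2.add((m["host"], int(m["port"])))
    paths = {
        _rel(cfg["copy_folder"], cfg["copy_file"]),      # assumed: %AppData%\Remcos\remcos.exe
        _rel(cfg["keylog_folder"], cfg["keylog_file"]),  # assumed: %AppData%\remcos\logs.dat
        _rel(cfg["screenshot_folder"]),
        _rel(cfg["audio_folder"]),
    }
    disabled = tuple(k for k in ("install_flag", "keylog_flag", "screenshot_flag")
                     if cfg.get(k) == "false")
    return Iocs(frozenset(c2), frozenset({cfg["mutex"]}), frozenset(paths), disabled)


# Constructed telemetry formats: a flow record, a mutex event, and Sysmon-like fields.
FLOW = re.compile(r"->\s*(?P<host>[^:\s]+):(?P<port>\d+)")
MUTEX = re.compile(r"Mutex(?:Name)?[=: ]\s*(?P<name>\S+)")
WINPATH = re.compile(r"[A-Za-z]:\\\S+")
APPDATA = "\\appdata\\roaming\\"  # what %AppData% expands to on disk


def classify(iocs, line):
    """Return the indicator category a telemetry line matches, or None."""
    m = FLOW.search(line)
    if m and (m["host"], int(m["port"])) in iocs.c2:
        return "c2"
    for m in MUTEX.finditer(line):
        if m["name"] in iocs.mutexes:
            return "mutex"
    for path in WINPATH.findall(line):
        low = path.lower()
        i = low.find(APPDATA)
        if i != -1 and low[i + len(APPDATA):] in iocs.appdata_paths:
            return "path"
    return None


def scan(iocs, lines):
    """Return (category, line) for every telemetry line that hits an indicator."""
    hits = []
    for line in lines:
        kind = classify(iocs, line)
        if kind:
            hits.append((kind, line))
    return hits


SAMPLE_TELEMETRY = [  # constructed events, not taken from the sandbox run
    "2024-04-22T10:01:03Z flow 10.0.0.14:49712 -> 89.249.73.162:2479 tcp",
    "2024-04-22T10:01:04Z flow 10.0.0.14:49713 -> 13.107.42.16:443 tcp",
    "2024-04-22T10:01:05Z sysmon EventID=1 Image=C:\\Users\\bob\\AppData\\Roaming\\Remcos\\remcos.exe",
    "2024-04-22T10:01:05Z mutex created Mutex=Rmc-TH3UQH Pid=4120",
    "2024-04-22T10:01:09Z sysmon EventID=11 TargetFilename=C:\\Users\\bob\\AppData\\Roaming\\remcos\\logs.dat",
    "2024-04-22T10:01:10Z sysmon EventID=11 TargetFilename=C:\\Users\\bob\\Documents\\invoice.pdf",
]

if __name__ == "__main__":
    iocs = build_iocs(REMCOS_CONFIG)
    print("disabled features:", iocs.disabled)
    for kind, line in scan(iocs, SAMPLE_TELEMETRY):
        print(f"[{kind}] {line}")
```

Because install_flag, keylog_flag and screenshot_flag are false in this configuration, the path hits are lower-confidence than the C2 and mutex hits; the `disabled` tuple carries that information so a downstream rule can weight them accordingly.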
Targets

Target: z1PROOFOFPAYMENT.exe (963KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)

Signatures:
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Suspicious use of SetThreadContext: rewriting the context of another thread is characteristic of process injection techniques such as process hollowing, where a suspended process's thread is redirected to attacker-supplied code.