General
Target: FINAL CMR.-Transportauftrag Nachlauf new.exe
Size: 1004KB
Sample: 240422-vt958sdg87
MD5: 65776d668bf11116dd97b54c1c280fd5
SHA1: 512cb011ee03041f66456e052a39a4062113f6a7
SHA256: 0a53c3881a3fa2a2219dacf69df133a66250063ffee9cc35bfe1e56759286682
SHA512: 5e1e771596ed2f8e3737db2c349b45924def9ee0ba84865017abb2a4e1c3569f98c5526ed2781ee8361f1a7d0da2fa8c30cc4e757bb0b2519d542c06c830977c
SSDEEP: 24576:8IGB3Fr2WJfxpzXTuvMJbmhQU/YydIE5Ltp:ExZjuvMxmhB/Ylyp
Static task: static1

Behavioral task: behavioral1
Sample: FINAL CMR.-Transportauftrag Nachlauf new.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: FINAL CMR.-Transportauftrag Nachlauf new.exe
Resource: win10v2004-20240226-en

Behavioral task: behavioral3
Sample: Wambliness/Apollinarisernes/Tailet.ps1
Resource: win7-20240221-en

Behavioral task: behavioral4
Sample: Wambliness/Apollinarisernes/Tailet.ps1
Resource: win10v2004-20240412-en
Malware Config
Extracted: remcos
Top
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: true
install_flag: false
keylog_crypt: false
keylog_file: mqerms.dat
keylog_flag: false
keylog_path: %AppData%
mouse_option: false
mutex: alpwovnb-G3F5OR
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
take_screenshot_option: false
take_screenshot_time: 5
Targets

Target: FINAL CMR.-Transportauftrag Nachlauf new.exe
Size: 1004KB
MD5: 65776d668bf11116dd97b54c1c280fd5
SHA1: 512cb011ee03041f66456e052a39a4062113f6a7
SHA256: 0a53c3881a3fa2a2219dacf69df133a66250063ffee9cc35bfe1e56759286682
SHA512: 5e1e771596ed2f8e3737db2c349b45924def9ee0ba84865017abb2a4e1c3569f98c5526ed2781ee8361f1a7d0da2fa8c30cc4e757bb0b2519d542c06c830977c
SSDEEP: 24576:8IGB3Fr2WJfxpzXTuvMJbmhQU/YydIE5Ltp:ExZjuvMxmhB/Ylyp
Score: 10/10
- Adds Run key to start application
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext

Target: Wambliness/Apollinarisernes/Tailet.Unm
Size: 56KB
MD5: f2e779561795736d366beb06fa554a27
SHA1: b94323b998671cda6aeb112ee4638ac059e17c46
SHA256: e4ae0ff3adcacc0924c58ce16e8deab2a9968d789fac2cbbbba9d9f6a6e72531
SHA512: 4d8c925137983c61d3bc6c454b32a0d75eb050437353d4ce6acbed9feff131add0906007669e9c50289b9ac66d9927ce9c45776180791b79ee3386ebc87f5dc9
SSDEEP: 1536:wzPuCKLrlcdAqZ7EvzIZgAMEOBvr9Yf0J+0:wg5cjmzA7+5
Score: 8/10
- Modifies Installed Components in the registry
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.