General
Target: a964f632cb0e524f5f7784a1b99da4bbde98216128e74713eb12851b83073075
Size: 515KB
Sample: 240427-m8ptvahc23
MD5: 3e1fb053e8ca0281a2952fbdced68d1e
SHA1: 0af4262bd9b8b2ac335a27aac5211d6242d14884
SHA256: a964f632cb0e524f5f7784a1b99da4bbde98216128e74713eb12851b83073075
SHA512: 498683b0aa74a335372810d25f6b4456264b3fff17536822ee24adbc560d5932601420c942e4a1dfbf800397c864300fffb14e89b620217321d857f6b0d40cf9
SSDEEP: 12288:1fLwLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLPLLLLLLLLLL2:1fLwLLLLLLLLLLLLLLLLLLLLLLLLLLL6

Static task: static1
Behavioral task: behavioral1
Sample: a964f632cb0e524f5f7784a1b99da4bbde98216128e74713eb12851b83073075.exe
Resource: win10v2004-20240426-en
Behavioral task: behavioral2
Sample: a964f632cb0e524f5f7784a1b99da4bbde98216128e74713eb12851b83073075.exe
Resource: win11-20240426-en
Malware Config
Extracted: remcos
RemoteHost: 172.94.101.172:6238
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Rmc-ZY6SQA
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
take_screenshot_option: false
take_screenshot_time: 5
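As an added example (it is not part of the sandbox report, and not Remcos or sandbox code), the script below parses a subset of the extracted configuration in the raw key/value/"-" layout the sandbox exports, derives the indicators a responder would pivot on, and matches them against a few constructed Sysmon-style events. The %AppData%\<folder>\<file> drop locations are an assumption about where Remcos writes its copy and keylog, not something the report states; note that install_flag and keylog_flag are both false in this build, so those files may never appear, while the C2 address and the mutex are exercised from the first run. The event line format is made up for the example.

```python
"""Turn an extracted Remcos configuration into host and network indicators
and match them against sample endpoint telemetry.

Added example for this report; not code from the sandbox or from Remcos.
The %AppData% paths are an assumption about Remcos drop locations."""
import re
from typing import Dict, List, Tuple

# Subset of the extracted config, re-typed in the sandbox's raw export layout
# (alternating key and value lines, '-' as separator). Constructed input.
REMCOS_CONFIG_TEXT = """\
RemoteHost
172.94.101.172:6238
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
install_flag
false
-
keylog_file
logs.dat
-
keylog_folder
remcos
-
mutex
Rmc-ZY6SQA
"""

# Constructed Sysmon-style events. Process paths contain no spaces so the
# token parser below can stay simple.
SAMPLE_EVENTS = [
    "NetworkConnect image=C:\\Users\\u\\Desktop\\sample.exe dst=172.94.101.172 dport=6238",
    "NetworkConnect image=C:\\firefox\\firefox.exe dst=172.94.101.172 dport=443",
    "CreateMutant image=C:\\Users\\u\\Desktop\\sample.exe name=Rmc-ZY6SQA",
    "FileCreate image=C:\\Users\\u\\Desktop\\sample.exe path=C:\\Users\\u\\AppData\\Roaming\\remcos\\logs.dat",
    "FileCreate image=C:\\Windows\\explorer.exe path=C:\\Users\\u\\AppData\\Roaming\\Screenshots\\a.png",
]


def parse_config(text: str) -> Dict[str, str]:
    """Pair consecutive key/value lines, dropping the '-' separators."""
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and ln != "-"]
    if len(lines) % 2:
        raise ValueError("unpaired key in config text")
    return dict(zip(lines[0::2], lines[1::2]))


def derive_iocs(cfg: Dict[str, str]) -> Dict[str, object]:
    """Build the indicators a detection engineer would pivot on."""
    host, _, port = cfg["RemoteHost"].rpartition(":")
    return {
        "c2": (host, int(port)),
        "mutex": cfg["mutex"],
        # install_flag=false means the copy may never be written; the path is
        # kept anyway so a rebuild with install enabled is still covered.
        "install_expected": cfg["install_flag"].lower() == "true",
        # Assumed layout: %AppData%\<copy_folder>\<copy_file> and
        # %AppData%\<keylog_folder>\<keylog_file>.
        "install_path": f"%AppData%\\{cfg['copy_folder']}\\{cfg['copy_file']}",
        "keylog_path": f"%AppData%\\{cfg['keylog_folder']}\\{cfg['keylog_file']}",
    }


def _fields(event: str) -> Dict[str, str]:
    """Split 'Type k=v k=v ...' into a dict; the leading token becomes 'type'."""
    etype, _, rest = event.partition(" ")
    fields = dict(re.findall(r"(\w+)=(\S+)", rest))
    fields["type"] = etype
    return fields


def match_events(events: List[str], iocs: Dict[str, object]) -> List[Tuple[str, str]]:
    """Return (rule, event) pairs for every event that hits an indicator."""
    host, port = iocs["c2"]
    # Compare only the part below %AppData%, case-insensitively (NTFS is).
    keylog_suffix = str(iocs["keylog_path"]).split("%AppData%")[1].casefold()
    hits: List[Tuple[str, str]] = []
    for ev in events:
        f = _fields(ev)
        if f["type"] == "NetworkConnect" and f.get("dst") == host:
            # Exact host:port is the strong signal; the same host on another
            # port is weaker but still worth triage, since operators rotate ports.
            rule = "c2_connection" if int(f.get("dport", -1)) == port else "c2_host_other_port"
            hits.append((rule, ev))
        elif f["type"] == "CreateMutant" and f.get("name", "").split("\\")[-1] == iocs["mutex"]:
            hits.append(("mutex", ev))
        elif f["type"] == "FileCreate" and f.get("path", "").casefold().endswith(keylog_suffix):
            hits.append(("keylog_file", ev))
    return hits


if __name__ == "__main__":
    found = match_events(SAMPLE_EVENTS, derive_iocs(parse_config(REMCOS_CONFIG_TEXT)))
    for rule, ev in found:
        print(f"{rule:20s} {ev}")
```

The Screenshots write by explorer.exe deliberately produces no hit: screenshot_flag is false in this config and the folder name alone is too generic to alert on.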
Targets
Target: a964f632cb0e524f5f7784a1b99da4bbde98216128e74713eb12851b83073075 (size and hashes as listed under General)
Score: 10/10
- NirSoft MailPassView: password recovery tool for various email clients
- NirSoft WebBrowserPassView: password recovery tool for various web browsers
- Nirsoft
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence
- Drops startup file
- Accesses Microsoft Outlook accounts
- Suspicious use of SetThreadContext