General
Target: SwiftPaymentRef_002993d93039.7Z
Size: 1.2MB
Sample: 240508-vmhgmsgh59
MD5: 0f0c14d52036838e53879c2d7ee8b21c
SHA1: 0103d5d9f8fe6d7dfc791ec2b12015b727f9ec4e
SHA256: 9bfdd773846d716fbcd4837f0b7864f622072412ce5ab3fcedad413e7a40a55a
SHA512: 4a9820df710e36b93ee27efe91ad60a718d48ea147043fc53095a88ef2b794c4a2f7b64a6cbdbbd6b75a3dc65601eb6cc749fbae16435f514281a7d27ba99110
SSDEEP: 24576:1iEHFPIOiJ1hn2rGoca3rKnc42AImsDp0eES9xH97wK9mT9:c8a5/a7Knc42tmWpnJwK9mT9
Static task: static1
Behavioral task: behavioral1
Sample: SwiftPaymentRef_002993d93039.exe
Resource: win7-20240215-en
Behavioral task: behavioral2
Sample: SwiftPaymentRef_002993d93039.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted
remcos
Swift
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: true
install_flag: false
keylog_crypt: true
keylog_file: logs.dat
keylog_flag: false
keylog_folder: iexplorer
keylog_path: %AppData%
mouse_option: false
mutex: zmt-XF0CR9
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
take_screenshot_option: false
take_screenshot_time: 5
Targets
Target: SwiftPaymentRef_002993d93039.exe
Size: 1.2MB
MD5: 6eb823ea2f01727c7f29bed5ad17a592
SHA1: adfa5d6bd27a16ce33ada6fde7194ccc1a7e1192
SHA256: da4fd886b7ca69a6e1eb12c6698f7b99e5623860fa3172c4c3287381051d59dd
SHA512: 2e70951ff4f7affe98abd5d0cf75d0f89e06a272463cfab8d98743412b930cb11d6980690b93b63935d25d797e9942341f32f645b18f6ef933d95d1ff847baad
SSDEEP: 24576:diEHFPIOiJ1hn2rGoca3rKnc42AImsDp0eES9xH97wK9mT:U8a5/a7Knc42tmWpnJwK9mT
Score: 10/10
Adds Run key to start application