General
Target: GDVCDDD.tmp.zip
Size: 787KB
Sample: 240509-2lc9vsaf7t
MD5: 5f71607d12581d8d425c75bb47e09505
SHA1: 76f9f40e8bcdbebf7dbf3625c9e8e930011eb56a
SHA256: be32aacbb47498a6126f1f1b2318be29431ebd6fbd09812a61d734b6c1f14574
SHA512: e39e4e9896a84df890d73473873a02541a758cbded50b5b242c170ff39bd3f7749ec8c3210ba55439e033eb69c93c9f435981c5432f2ca3c7158110dfcf7b537
SSDEEP: 12288:PsCwfpg4MpBlhFNyfwOJ9rA2rlCfu5yp5Fdayk6qX0LZhBWlhrn8zvaMvaKpmzxD:PsGpBlhyYKhPA2spTZk6qX0N/iiaKsoq
Behavioral tasks
behavioral1: Sample "AWB JGS-002-20240507 DOCUNMENTS.exe", Resource win7-20240419-en
behavioral2: Sample "AWB JGS-002-20240507 DOCUNMENTS.exe", Resource win10v2004-20240508-en
behavioral3: Sample out.exe, Resource win7-20240221-en
behavioral4: Sample out.exe, Resource win10v2004-20240508-en
Malware Config
Extracted: remcos
  1218202300
  softwareupdatexkwre.duckdns.org:45682
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: hdgd-8HWPTM
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
startup_value: Remcos
take_screenshot_option: false
take_screenshot_time: 5
Targets
Target: AWB JGS-002-20240507 DOCUNMENTS.exe
Size: 811KB
MD5: ee60d483d59011c989fc7a56deca8923
SHA1: dd414ba3307c37ff440c7bb84410f803acaaa711
SHA256: 8e74e39d47f93876716dd58b3aa2d0e009a67354b5eb09a12bdd65ac9a319ba7
SHA512: 313695b597d205432e27ac65be3c028686ffa2dd98bd3543ba09659997a4e7005ec04593b4131843714187b18a95bb381106080848894ce1ac59e5c15c6aa197
SSDEEP: 12288:PYV6MorX7qzuC3QHO9FQVHPF51jgcwNE4fIwfx/nA57lYrCUaP1OyFjsd:cBXu9HGaVHqE4g8nA5CrXazFj0
Score: 10/10
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext

Target: out.upx
Size: 1.3MB
MD5: a43a498c1226f06fb7061f5e8ae714c4
SHA1: 810d1c3eabdc7223762417c3acf14cfa5af28b27
SHA256: 97c0ba69ba0959ecda8193e99ec0af0a1607ddd4dcefbf1572427f0c8768c49e
SHA512: e68fe09994f88e8d5f2e47444f1244b8340158a43cbf9dc54970b2be37df3b51b3ecf666af971a75cf9479e483e6c4ad9876adabc1396109dd51fabf117213c6
SSDEEP: 24576:lAHnh+eWsN3skA4RV1Hom2KXDmmE4g8nA5CrXazFj0:Uh+ZkldoPKzvO8nA5C7azV
Score: 1/10