General
Target: ed279d611a2a24da80e4b5c2f6abbf2a0e4f7714b59008bc89d0f39fd64aa6eb.exe
Size: 906KB
Sample: 240509-cnv51sch6x
MD5: 4a10aa4917fc6e79dbb5726438097de1
SHA1: 0bef4c5bb90092af4b8a65b9759b4846c31c9a03
SHA256: ed279d611a2a24da80e4b5c2f6abbf2a0e4f7714b59008bc89d0f39fd64aa6eb
SHA512: 26da46e659926a9bca5c141d1af2c9d00986bb382c4011335d885d92a7a6056a4ab94af0259231b8da51feda0029cd574657b4d0f9124a97eaf27db0b4281bf6
SSDEEP: 24576:HU2M/EokdSHmGd4nmzwn2xbUPWJ1znGjXcBfadwO:VMKSHmG6nwZUCzG4Bf
Static task: static1
Behavioral task: behavioral1
Sample: ed279d611a2a24da80e4b5c2f6abbf2a0e4f7714b59008bc89d0f39fd64aa6eb.exe
Resource: win7-20240221-en
Malware Config
Extracted: remcos
KY MIX
192.210.201.57:52499
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Rmc-M2GVTY
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
take_screenshot_option: false
take_screenshot_time: 5
Targets
Target: ed279d611a2a24da80e4b5c2f6abbf2a0e4f7714b59008bc89d0f39fd64aa6eb.exe
Size: 906KB
MD5: 4a10aa4917fc6e79dbb5726438097de1
SHA1: 0bef4c5bb90092af4b8a65b9759b4846c31c9a03
SHA256: ed279d611a2a24da80e4b5c2f6abbf2a0e4f7714b59008bc89d0f39fd64aa6eb
SHA512: 26da46e659926a9bca5c141d1af2c9d00986bb382c4011335d885d92a7a6056a4ab94af0259231b8da51feda0029cd574657b4d0f9124a97eaf27db0b4281bf6
SSDEEP: 24576:HU2M/EokdSHmGd4nmzwn2xbUPWJ1znGjXcBfadwO:VMKSHmG6nwZUCzG4Bf
- Detects Windows executables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
- Suspicious use of SetThreadContext