General

Target: 4.exe
Size: 811KB
Sample: 240509-rbygyagb58
MD5: ee60d483d59011c989fc7a56deca8923
SHA1: dd414ba3307c37ff440c7bb84410f803acaaa711
SHA256: 8e74e39d47f93876716dd58b3aa2d0e009a67354b5eb09a12bdd65ac9a319ba7
SHA512: 313695b597d205432e27ac65be3c028686ffa2dd98bd3543ba09659997a4e7005ec04593b4131843714187b18a95bb381106080848894ce1ac59e5c15c6aa197
SSDEEP: 12288:PYV6MorX7qzuC3QHO9FQVHPF51jgcwNE4fIwfx/nA57lYrCUaP1OyFjsd:cBXu9HGaVHqE4g8nA5CrXazFj0
Behavioral tasks

behavioral1: sample 4.exe, resource win7-20240221-en
behavioral2: sample 4.exe, resource win10v2004-20240426-en
Malware Config

Extracted: remcos
  1218202300
  C2: softwareupdatexkwre.duckdns.org:45682

audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: hdgd-8HWPTM
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
startup_value: Remcos
take_screenshot_option: false
take_screenshot_time: 5
Targets

Target: 4.exe
Size: 811KB
Score: 10/10

Signatures:
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext