General
  Target: 6371b48a99a80e174d8f2a0a9245f060cb81a29422067453444d247c9c669e65.exe
  Size: 502KB
  Sample: 240511-khsfyaca34
  MD5: 00ba7c7288a2f5dfa4d5830c4f4d2136
  SHA1: 30f5d6789f0df7e3a07157c46670406a5062a657
  SHA256: 6371b48a99a80e174d8f2a0a9245f060cb81a29422067453444d247c9c669e65
  SHA512: d39601d93962ebd1aff1b6a5f568f6ba29c3662e33efcd1d26162f2051642cc7419c73b389d0438ca994d0794d172e76f6afe3a192b0889dc836543f20a53f6b
  SSDEEP: 12288:iMwDzKqeuG3wRlbfqMj1AfOw4M/pmveDZu:7wDs3wRV//JM/p6eDZu
Static task
  static1

Behavioral tasks
  behavioral1: 6371b48a99a80e174d8f2a0a9245f060cb81a29422067453444d247c9c669e65.exe on win7-20240215-en
  behavioral2: 6371b48a99a80e174d8f2a0a9245f060cb81a29422067453444d247c9c669e65.exe on win10v2004-20240508-en
  behavioral3: Beedi145/topically.exe on win7-20240221-en
  behavioral4: Beedi145/topically.exe on win10v2004-20240508-en
  behavioral5: Turbid/Bilvragene/unbendable/Fordrejelsens5.com on win7-20240419-en
  behavioral6: Turbid/Bilvragene/unbendable/Fordrejelsens5.com on win10v2004-20240508-en
Malware Config
  Extracted family: remcos
  RemoteHost: 172.93.222.147:2404
  audio_folder: MicRecords
  audio_record_time: 5
  connect_delay: 0
  connect_interval: 1
  copy_file: remcos.exe
  copy_folder: Remcos
  delete_file: false
  hide_file: false
  hide_keylog_file: false
  install_flag: false
  keylog_crypt: false
  keylog_file: logs.dat
  keylog_flag: false
  keylog_folder: remcos
  mouse_option: false
  mutex: Rmc-GZK076
  screenshot_crypt: false
  screenshot_flag: false
  screenshot_folder: Screenshots
  screenshot_path: %AppData%
  screenshot_time: 10
  take_screenshot_option: false
  take_screenshot_time: 5
Targets

Target: 6371b48a99a80e174d8f2a0a9245f060cb81a29422067453444d247c9c669e65.exe
  Size: 502KB
  MD5: 00ba7c7288a2f5dfa4d5830c4f4d2136
  SHA1: 30f5d6789f0df7e3a07157c46670406a5062a657
  SHA256: 6371b48a99a80e174d8f2a0a9245f060cb81a29422067453444d247c9c669e65
  SHA512: d39601d93962ebd1aff1b6a5f568f6ba29c3662e33efcd1d26162f2051642cc7419c73b389d0438ca994d0794d172e76f6afe3a192b0889dc836543f20a53f6b
  SSDEEP: 12288:iMwDzKqeuG3wRlbfqMj1AfOw4M/pmveDZu:7wDs3wRV//JM/p6eDZu
  Score: 10/10
  Signatures:
    NirSoft MailPassView: Password recovery tool for various email clients
    NirSoft WebBrowserPassView: Password recovery tool for various web browsers
    Nirsoft
    Checks computer location settings: Looks up country code configured in the registry, likely geofence.
    Accesses Microsoft Outlook accounts
    Suspicious use of NtCreateThreadExHideFromDebugger
    Suspicious use of NtSetInformationThreadHideFromDebugger
    Suspicious use of SetThreadContext

Target: Beedi145/topically.exe
  Size: 1KB
  MD5: 736259da4e0d21fba8c7f86ecb424ce3
  SHA1: 03b0d554f01a5b876fa33e755016b3dfe389c0cd
  SHA256: 411a45e06eaad98f70ff338b9f35e7d27bb2e7ca1376c93f5781dc394d0754c9
  SHA512: c2726be1e6ac60de78d0649d6d187a955d5dbad97ece1c69eaf05ad4ca4c44acd1c938dd0eae3637497403439ae7b871931be14020a46e7ceaa4f21e0d6cbc1e
  Score: 1/10

Target: Turbid/Bilvragene/unbendable/Fordrejelsens5.com
  Size: 2KB
  MD5: 33ee9b72f46c690c452275d95acead7c
  SHA1: b7f49f22a40fe7e1ff7d12a5cc18946f37d015c2
  SHA256: 8aecb386474d73a802d255d1aba5b7413fdcdc8116635964bafd311b2596d9d6
  SHA512: fe135c823a440b05c24febc3f94f5d7f509e15c90fb282d1c93a94cdf5ff3560a98d3d43cd36f085d1bd8360f4ef2ce4f910694bbef7a1f1f6c1966b4ec1e6ca
  Score: 1/10