General
Target: RFQ 1100-656-02.ace
Size: 841KB
Sample: 240522-j2nreshc6z
MD5: 4114f0297ccb4ec74787cd25a71ec727
SHA1: e07c62c1ae10934ef698a8ac5b5dc67b9fe2bde8
SHA256: a5d707684f36df7d6046e10f9bd793090d5750716895c366ef7d407988a2bca7
SHA512: bba0f844cbde1475f3f38e18cafc6f630c24c9ca0ac8c674f25c8b1436f0dd2ed0335b9dc69c860e9fcb2acc7b69c8f73d7ff06c179011921ccc43b72b94196d
SSDEEP: 24576:h2W4bzKA/ZkHJXGfDJJJu2lm4SeCWloDkOgGQLfb:0PbeekHJXGtJJu2EBNWl4kf
Static task: static1
Behavioral task: behavioral1
Sample: RFQ 1100-656-02.exe
Resource: win7-20231129-en
Malware Config
Extracted
Family: remcos
Botnet: KY MIX
C2: 192.210.201.57:52499
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Rmc-M2GVTY
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
take_screenshot_option: false
take_screenshot_time: 5
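The extracted configuration above is the most directly actionable part of the report: the C2 endpoint, the mutex name, and the folder/file names tell a responder what to hunt for. The following script, added here as an example and not part of the sandbox report or of Remcos itself, turns those fields into indicators and matches them against telemetry. The config dict is constructed from the values on this page; the event records and their field names (kind, dst_ip, dst_port, path) are constructed sample data, not a real product schema. The C2 list separator and the %AppData% (AppData\Roaming) base for keylog_folder and copy_folder are assumptions.

```python
"""Derive indicators from the extracted Remcos config and match telemetry.

Added example, not part of the sandbox report or of Remcos. The config dict
is constructed from the values on this page; events and field names are
constructed sample data. The C2 separator and the %AppData% base for
keylog_folder/copy_folder are assumptions.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed from the "Extracted" block on this page.
REMCOS_CONFIG = {
    "c2": "192.210.201.57:52499",
    "copy_file": "remcos.exe",
    "copy_folder": "Remcos",
    "install_flag": False,
    "keylog_file": "logs.dat",
    "keylog_folder": "remcos",
    "mutex": "Rmc-M2GVTY",
    "screenshot_folder": "Screenshots",
    "screenshot_path": "%AppData%",
}

APPDATA = "\\appdata\\roaming"  # usual expansion of %AppData% (assumption)


@dataclass(frozen=True)
class C2:
    host: str
    port: int


def parse_c2(value: str) -> list:
    """Parse 'host:port' entries; several may be joined by '|' or ',' (assumed)."""
    endpoints = []
    for entry in re.split(r"[|,]", value):
        entry = entry.strip()
        if not entry:
            continue
        host, sep, port = entry.rpartition(":")
        if not sep or not port.isdigit() or not 1 <= int(port) <= 65535:
            raise ValueError(f"bad C2 entry: {entry!r}")
        try:
            host = str(ipaddress.ip_address(host))  # normalise IP literals
        except ValueError:
            pass  # a hostname; keep it as written
        endpoints.append(C2(host, int(port)))
    return endpoints


def expected_paths(cfg: dict) -> dict:
    """Lower-case path fragments the sample would write under %AppData%.

    install_flag is false in this config, so the self-copy is only
    expected when the builder enabled installation.
    """
    paths = {
        "keylog": f"{APPDATA}\\{cfg['keylog_folder']}\\{cfg['keylog_file']}",
        "screenshots": f"{APPDATA}\\{cfg['screenshot_folder']}\\",
    }
    if cfg["install_flag"]:
        paths["copy"] = f"{APPDATA}\\{cfg['copy_folder']}\\{cfg['copy_file']}"
    return {k: v.lower() for k, v in paths.items()}


def match_events(cfg: dict, events: list) -> list:
    """Return (indicator, event) pairs for events that hit a config-derived IOC."""
    c2s = {(c.host, c.port) for c in parse_c2(cfg["c2"])}
    frags = expected_paths(cfg)
    hits = []
    for ev in events:
        if ev["kind"] == "network" and (ev["dst_ip"], ev["dst_port"]) in c2s:
            hits.append(("c2", ev))
        elif ev["kind"] == "file":
            p = ev["path"].lower()  # Windows paths are case-insensitive
            for name, frag in frags.items():
                if frag in p:
                    hits.append((name, ev))
    return hits


# Constructed sample telemetry: one C2 connection, one benign DNS query,
# one keylog write under the profile, one unrelated document write.
SAMPLE_EVENTS = [
    {"kind": "network", "dst_ip": "192.210.201.57", "dst_port": 52499},
    {"kind": "network", "dst_ip": "8.8.8.8", "dst_port": 53},
    {"kind": "file", "path": r"C:\Users\bob\AppData\Roaming\remcos\logs.dat"},
    {"kind": "file", "path": r"C:\Users\bob\Documents\report.docx"},
]

if __name__ == "__main__":
    for name, ev in match_events(REMCOS_CONFIG, SAMPLE_EVENTS):
        print(f"{name}: {ev}")
```

The mutex (Rmc-M2GVTY) is deliberately left out of the matcher: it is visible through handle enumeration on a live host, not in file or network logs, so it belongs in a memory-triage or EDR mutex query rather than a log search.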
Targets
Target: RFQ 1100-656-02.exe
Size: 856KB
MD5: a27c4215869da7c1f2121c54ec27549b
SHA1: f370447ada466a0db44bbd930e8517f79c35f0ba
SHA256: 358f8d58da6f43e4cdb17fecc2e1fbb6a6492ca681d7c48080fd432ae834aa9c
SHA512: 4b0c74606e1bc5422e21af49cfc433f71084661f4fbb5624efb57f46bcfdd916e3681ece8b28c343787fb1613e6791bef6ffca2f7ce1b1f140aa1cde7fffa556
SSDEEP: 24576:j/odxK26kNtue9MTdBfW3HJfREKSPZYhkngIlBUKDWA:GrtuHBBUHJaPZYh3y3WA
NirSoft MailPassView: password recovery tool for various email clients
NirSoft WebBrowserPassView: password recovery tool for various web browsers
Nirsoft
Command and Scripting Interpreter: PowerShell: runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths and processes.
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Accesses Microsoft Outlook accounts
Suspicious use of SetThreadContext: setting the context of a thread in another process is a common step in process hollowing and similar code injection.
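The Defender-exclusion behaviour flagged above is worth a dedicated detection, because it precedes the payload and is visible in two places: the PowerShell command line and the resulting registry write. The script below is an added example, not part of the sandbox report. Its event records are constructed, modelled loosely on Sysmon event 1 (process create) and event 13 (registry value set), and the dict field names are assumptions. Two real-world details are built in: PowerShell accepts any unambiguous parameter prefix, so "-ExclusionP" reaches the same cmdlet parameter as "-ExclusionPath" and a regex must not insist on the full name, and an -EncodedCommand argument hides the cmdlet until the base64 UTF-16LE payload is decoded. The exclusion keys under HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\{Paths,Extensions,Processes} are where Add-MpPreference persists the change.

```python
"""Detect PowerShell adding Windows Defender exclusions.

Added example, not part of the sandbox report. Events are constructed,
loosely modelled on Sysmon event 1 (process create) and 13 (registry
value set); field names are assumptions.
"""
import base64
import binascii
import re
from typing import Optional

# Add-/Set-MpPreference followed by any -Exclusion* parameter. PowerShell
# allows parameter-prefix abbreviation, so match the prefix, not the full name.
EXCLUSION_CMD = re.compile(
    r"\b(?:Add|Set)-MpPreference\b[^\n]*?-Exclusion\w*", re.I)

# -e / -ec / -enc / -EncodedCommand followed by a base64 blob.
ENCODED_ARG = re.compile(
    r"(?:^|\s)-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]+)", re.I)

# Registry location Add-MpPreference writes exclusions to.
EXCLUSION_KEY = re.compile(
    r"\\Windows Defender\\Exclusions\\(?:Paths|Extensions|Processes)\\", re.I)


def decode_encoded_command(cmd: str) -> Optional[str]:
    """Return the decoded -EncodedCommand payload (UTF-16LE), or None."""
    m = ENCODED_ARG.search(cmd)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError):
        return None


def check_event(ev: dict) -> Optional[str]:
    """Classify one event; None means nothing suspicious for this rule."""
    if ev["id"] == 1:
        # Check the raw command line and, if present, the decoded payload.
        for text in (ev["cmd"], decode_encoded_command(ev["cmd"]) or ""):
            if EXCLUSION_CMD.search(text):
                return "defender_exclusion_cmdline"
    elif ev["id"] == 13 and EXCLUSION_KEY.search(ev["target"]):
        return "defender_exclusion_registry"
    return None


def detect(events: list) -> list:
    """Return (index, tag) for every event the rule fires on."""
    return [(i, tag) for i, ev in enumerate(events) if (tag := check_event(ev))]


# Constructed sample data. The encoded command is built here so the example
# runs offline; the path values are illustrative.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
PLAIN = r"Add-MpPreference -ExclusionPath C:\Users\Public"
ENC = base64.b64encode(PLAIN.encode("utf-16-le")).decode()

SAMPLE_EVENTS = [
    {"id": 1, "image": PS,
     "cmd": 'powershell -nop -w hidden Add-MpPreference -ExclusionP "C:\\Users\\bob\\AppData\\Roaming"'},
    {"id": 1, "image": PS, "cmd": "powershell -nop -enc " + ENC},
    {"id": 1, "image": r"C:\Windows\explorer.exe", "cmd": "explorer.exe"},
    {"id": 13, "image": PS,
     "target": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Extensions\.exe"},
    {"id": 13, "image": PS,
     "target": r"HKCU\Control Panel\Desktop\Wallpaper"},
]

if __name__ == "__main__":
    for i, tag in detect(SAMPLE_EVENTS):
        print(i, tag, SAMPLE_EVENTS[i])
```

The registry rule is the more robust of the two: it fires regardless of how the exclusion was added (PowerShell, WMI, or a direct registry write), whereas the command-line rule only covers the launcher the sandbox observed. Defender also records exclusion changes itself in its operational event log (event 5007, "The antimalware platform configuration changed"), which is a third source worth collecting.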