General
Target: Quotation.txz.rar
Size: 1.2MB
Sample: 240724-qfhfvazfqe
MD5: 7cad5fe29e9c6ec840ffa59e1605797c
SHA1: 93a8501ad075829e3b160812ff572db628128ea5
SHA256: f63ff6fa4ae65577ee42bf6db32b83f581211a94a43d3dfe3e58ef24da69479d
SHA512: 9b41f75ab99ab2814f7a150e924c933235b0abbe8f52a94c5cc3d81169cc731c8139658b54eee8c7d2512154b52099fb723b3c7ec52f20883984d7d56fb268d2
SSDEEP: 24576:6eNzJvGKsG0cV8u9HRhr8kA+V2EylI6PbDSOw5CzmOnPsfExOfbN:bvGzRcX9HRV8g9ylIZOG+pfUTN
Static task: static1
Behavioral task: behavioral1
Sample: Quotation.exe
Resource: win7-20240708-en
Malware Config
Extracted
Family: remcos
Botnet ID: ZIP
C2: vegetachcnc.com:2556
Attributes:
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: chrome-76G0MC
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
take_screenshot_option: false
take_screenshot_time: 5
Targets
Target: Quotation.exe
Size: 2.2MB
MD5: 3dc93db22f80681d7d49143038d8ff8a
SHA1: 3726fd2ed48dd31b57e11c1d670e1544626eeee0
SHA256: 38e861d71b9182f040db8d503b709b57f1b73ba9cfa64abffbf57fa49457b6d0
SHA512: 79d911bae66ef159ea7f533b26279d003e6b71359626e7fc39c4442aea9c2419760e198529abe1d8f0b4628978b631cc09593baa6436425728ce26479c60ea7e
SSDEEP: 49152:4B1BRf3rOSzOzrFNj8e1KbWF8K7Vk3SZTH4OWOEkw/R8tDYWg1Zpb67aU2kmbguq:IaRrFCIeE7aUXwMP
Signatures: Suspicious use of SetThreadContext