General
-
Target
39c096e77e2ce57c75d07b577dbf5899b5e883a3d3435a0a3d0313a52718496a.zip
-
Size
511KB
-
Sample
240814-2l2bpavapl
-
MD5
20718a9a3b1507318d9a99040f1a2ba5
-
SHA1
4bdb164336ee66464a3ddbc973cc853a1d866e64
-
SHA256
ac43825c40c583e02818f1f76e97376fa1f94451e41acc8ce58afc84f081577d
-
SHA512
9acb86be09245ac0bf23aafe558704f2b5853624736e85fd23968c0be68abc7db061ae2f07dbd150fa42a6020ad1cdff874b6cc48b4eea8688e88250ae334a03
-
SSDEEP
12288:OzGmfCoben7YBhCmTkAp3R3KZZwSJJQd08hdh04:OZZOc1plKZsyWX
Static task
static1
Behavioral task
behavioral1
Sample
39c096e77e2ce57c75d07b577dbf5899b5e883a3d3435a0a3d0313a52718496a.exe
Resource
win11-20240802-en
Malware Config
Extracted
remcos
RemoteHost
194.169.175.190:2404
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-LBZ2BK
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
39c096e77e2ce57c75d07b577dbf5899b5e883a3d3435a0a3d0313a52718496a.bin
-
Size
670KB
-
MD5
31dea80f55b9485ad4dd9a8636b7b12e
-
SHA1
d6987a2bed5c0af40ffa425a8bcd5960bc2a16b7
-
SHA256
39c096e77e2ce57c75d07b577dbf5899b5e883a3d3435a0a3d0313a52718496a
-
SHA512
2cca917add60b40c877a315b50382583c3a6a07055290dfa7345214e6d9cbfe501ef524f65f3427672231b8a241e8ec0394231e1cd0d606baa706bc9e3df84ad
-
SSDEEP
12288:cu70DgkcKSx+zPDp2eZcnbgvsFxqFGC4SEYSU+9vzqqYVYRDl0u:T4DgksE3ZvvsFxqFX/EYD+1fYVsn
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Detected Nirsoft tools
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Accesses Microsoft Outlook accounts
-
Suspicious use of SetThreadContext
-