General
-
Target
FG098700000000.exe
-
Size
768KB
-
Sample
240819-tl2nfstdrc
-
MD5
989054c5af86019ccfa32642ae628639
-
SHA1
5fe55707a4eebd51723ea950aa80d3a49e810207
-
SHA256
1f75782173ef3b1b68650a95b7846bb35faa400d53b52fc1ad8b65a86bc72c88
-
SHA512
401e5f2508ddc81d24047cbf707f35c121fcc07c9e2be6f477175ee275e970a52e0aedb905ce0ca026645477d4b89dfb989dc9361302c037d632d67fe3e128d9
-
SSDEEP
12288:oYV6MorX7qzuC3QHO9FQVHPF51jgcHJqOhTbYQ270cUq+rMxw0GakFQjIE8xQPPK:HBXu9HGaVHH75bYjVM1T4M3aCjpn7
Behavioral task
behavioral1
Sample
FG098700000000.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
FG098700000000.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
remcos
RemoteHost
107.175.229.139:8823
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-2BGC0K
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
FG098700000000.exe
Score
10/10
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-