General
-
Target
3a68ca00f014589a8f29e3e5160972f53e267ee79d31acf48a28bf5b472a5919.exe
-
Size
483KB
-
Sample
240913-hwytrs1ckb
-
MD5
442d51717794802dfc1e9d47dbea6e91
-
SHA1
7d562b6abda242d13460c342d9fa2e5a71c9914f
-
SHA256
3a68ca00f014589a8f29e3e5160972f53e267ee79d31acf48a28bf5b472a5919
-
SHA512
f8dc957083a57e1a23c255ad2864ebf18f239c38bd0414119957fbd088ebb811141ad5ee15256d2236284a9b44e8c82752950f51f66d6e3e5a8fcd5302656b55
-
SSDEEP
6144:5Tz+c6KHYBhDc1RGJdv//NkUn+N5Bkf/0TELRvIZPjbsAOZZmAX4crkT4:5TlrYw1RUh3NFn+N5WfIQIjbs/ZmTT4
Malware Config
Extracted
remcos
RemoteHost
rcmpx.duckdns.org:57870
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
Google.exe
-
copy_folder
Google
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
install_path
%WinDir%\System32
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc$urG9345JRjuDjdGoH-CQ6FPI
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
3a68ca00f014589a8f29e3e5160972f53e267ee79d31acf48a28bf5b472a5919.exe
-
Size
483KB
-
MD5
442d51717794802dfc1e9d47dbea6e91
-
SHA1
7d562b6abda242d13460c342d9fa2e5a71c9914f
-
SHA256
3a68ca00f014589a8f29e3e5160972f53e267ee79d31acf48a28bf5b472a5919
-
SHA512
f8dc957083a57e1a23c255ad2864ebf18f239c38bd0414119957fbd088ebb811141ad5ee15256d2236284a9b44e8c82752950f51f66d6e3e5a8fcd5302656b55
-
SSDEEP
6144:5Tz+c6KHYBhDc1RGJdv//NkUn+N5Bkf/0TELRvIZPjbsAOZZmAX4crkT4:5TlrYw1RUh3NFn+N5WfIQIjbs/ZmTT4
Score3/10 -