General
-
Target
ff4cba93f8beaafef07616a6c47729bf7bc6a146d446264ac2154d51b1b7c5ba
-
Size
392KB
-
Sample
240919-latvga1djc
-
MD5
7d812cadbca8a914e5988ff554b0b79f
-
SHA1
2784df21bb330ac2af1830ee99d70869219d3a12
-
SHA256
ff4cba93f8beaafef07616a6c47729bf7bc6a146d446264ac2154d51b1b7c5ba
-
SHA512
080a5ad169d8292d3e281957c928bf3fd127e39be15218b9877b3c5271095af92c893ad61b4715086488ac3de5e96caaf0edc910f46ce12e1d3ee370b18bb40a
-
SSDEEP
6144:ApmKNN2SD5/Kl9owgZX0XJdS6Sph+q7NNZuv0T1JtX5PXjXnCgLa52k0Sn:xKH5/uowgZEXJdS6S7+GNsutjXEck00
Static task
static1
Behavioral task
behavioral1
Sample
Quotation.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Quotation.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20240802-en
Malware Config
Extracted
remcos
RemoteHost
subddfg.lol:2404
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-7DPFW5
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
Quotation.exe
-
Size
501KB
-
MD5
0b4ee9f14e7bd0aa331c61ebe5976309
-
SHA1
d1f020ae7b3a5c5365af80f2a57cb724e28f341d
-
SHA256
346469ceacfe6c1436f98f34d5f8ecbbd5d64bc077818b662e360be60c407160
-
SHA512
ea3b21ba9aa8706a0bf41346ec07aad1938029d9b9c7b3d73c34343451f71e80790c43304eace971909f47577ae56100d0d9e24ae55a9ad2f9f0988c044ac623
-
SSDEEP
6144:mC2Evn/IvIrb2mfrBaieg9X0XJxS6Iph+q7NNRuv0j1JtX7PXjrnCgLa526bvUpk:jnC8Cmf8ieg9EXJxS6I7+GNEgzjLEcvk
Score10/10-
Loads dropped DLL
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
375e8a08471dc6f85f3828488b1147b3
-
SHA1
1941484ac710fc301a7d31d6f1345e32a21546af
-
SHA256
4c86b238e64ecfaabe322a70fd78db229a663ccc209920f3385596a6e3205f78
-
SHA512
5ba29db13723ddf27b265a4548606274b850d076ae1f050c64044f8ccd020585ad766c85c3e20003a22f356875f76fb3679c89547b0962580d8e5a42b082b9a8
-
SSDEEP
192:MPtkumJX7zB22kGwfy0mtVgkCPOs91un:9702k5qpds9Qn
Score3/10 -
-
-
Target
$PLUGINSDIR/nsExec.dll
-
Size
6KB
-
MD5
4bbc9d77ef7f748f8c85750c3a445f0a
-
SHA1
d57a8304bb44ccdb3163b880b3c1bb213461399d
-
SHA256
482536968672d70279a5204060ff84ace25237f24b1bdf3b02e289d50ea5450c
-
SHA512
b9430939daab0c8b7e77b96f2f7f85e8e1abd9f43eccbdf94078f77ef05b31a2a31f04ca3a2eff5aa7cc965029ed437af2eb100c197ef51f128ca827ad20e902
-
SSDEEP
96:z7GUxNkO6GR0t9GKKr1Zd8NHYVVHp4dEeY3kRnHdMqqyVgN63e:fXhHR0aTQN4gRHdMqJVgNp
Score3/10 -