General
-
Target
InspectorNvidiaPro-64.rar
-
Size
4.1MB
-
Sample
241210-pz7dms1kaq
-
MD5
f9cf7a5e0af0747f878d5d327d341a10
-
SHA1
f0921b5942914ab8d323c7a13c07fea8a73bd3cb
-
SHA256
6027eb649c27aa6c1ee848061c7733403a250a40989c4fdee84e7ffee3811cf7
-
SHA512
0fce9497b1b8054d7a427409b256f91a9b88f93aacbea24cbac15c366866820cb134587dfc4652e3567b1a47e60f3aff736d050c9680b85cb0564752300dafbf
-
SSDEEP
98304:diwl1HxvJStAf1p/VUUw5buDz6kH4yPEGxcXu3BDHxlCuAQV/:di21GAdp/VTCaYy5QIBFAAR
Static task
static1
Behavioral task
behavioral1
Sample
InspectorNvidiaPro-64.exe
Resource
win7-20240729-en
Malware Config
Extracted
remcos
5003
92.255.85.63:5003
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-7Z8WNB
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
InspectorNvidiaPro-64.exe
-
Size
1.6MB
-
MD5
912c89ac3e4ab699bd11cd2fc5da0bb2
-
SHA1
cd1499b70f084dca31343adb170fe3f618bd5933
-
SHA256
01f24017584c20793bdb7a066a1054b4474310ccda8ddd19a9521aa7cb0708ba
-
SHA512
b7fcf3222e862afae298ab32ba82be3fa90b01fc04f66c3a4e6b2b9e1f6556e15be9b8f331b0f466dcd1be127d14d2fa0ad711bcea46e0485454a53642c74ccd
-
SSDEEP
24576:j7FUDowAyrTVE3U5FEimXsOKK56BCObsE6UtoZmUd2N6xSIJQRn+KAXu:jBuZrEUzmXb0CUj1Ud2sMnNJ
-
Remcos family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-