General
-
Target
moon.exe
-
Size
423KB
-
Sample
241216-xtvfwsxrdy
-
MD5
b1c7d8102bcab505d2fdec27282767f3
-
SHA1
4f3496b126eabcd57335e2a315d59bdd2e043c89
-
SHA256
010b6fa39f761c1444233c206b2c4434428a75ff9d0583bcb84b12e2804340db
-
SHA512
c1da6810dbcf11b582f80820f55279258a5779eb420ec5a19b9da04a3d90dc37febb841e50d54be55b2fc447d77fd8f775a1e6f5ac7e8e10acb35bbbf8ce6748
-
SSDEEP
6144:YeghbOV4Asvo/Z+wo6TmTIHnqgKIuTi5gTaWnLLDt1dbWAOaKapXFWbcFSU:YeKbOV4A3ho9IKNti5gT/wUzzWTU
Behavioral task
behavioral1
Sample
moon.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
remcos
3.8.0 Light
moon
204.10.194.175:4444
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
WindowsUpdater.exe
-
copy_folder
WindowsUpdater
-
delete_file
true
-
hide_file
true
-
hide_keylog_file
false
-
install_flag
true
-
install_path
%SystemDrive%
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-4GSXVB
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
WindowsUpdater
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
moon.exe
-
Size
423KB
-
MD5
b1c7d8102bcab505d2fdec27282767f3
-
SHA1
4f3496b126eabcd57335e2a315d59bdd2e043c89
-
SHA256
010b6fa39f761c1444233c206b2c4434428a75ff9d0583bcb84b12e2804340db
-
SHA512
c1da6810dbcf11b582f80820f55279258a5779eb420ec5a19b9da04a3d90dc37febb841e50d54be55b2fc447d77fd8f775a1e6f5ac7e8e10acb35bbbf8ce6748
-
SSDEEP
6144:YeghbOV4Asvo/Z+wo6TmTIHnqgKIuTi5gTaWnLLDt1dbWAOaKapXFWbcFSU:YeKbOV4A3ho9IKNti5gT/wUzzWTU
Score3/10 -