General
- Target: 46004e5408d63486737753e360a3c9ef74246163497c920d1ac7aa504c488e54.msi
- Size: 2.8MB
- Sample: 241222-cnvjgsyqgw
- MD5: a2a7ff35bd33480418bd39e0832d0875
- SHA1: 8cd2ec2310b1240ffa9944631c409e658cea03a7
- SHA256: 46004e5408d63486737753e360a3c9ef74246163497c920d1ac7aa504c488e54
- SHA512: 20b4bcc20bdd3d40ec0d2d3f8531615c5fce78339784dd8f346e6aeccdca8307f472e59d9f246daeb1e1a4343c9d6d53f83b2deb7eb21f5b4035b2d083ad037c
- SSDEEP: 49152:IiSoOl+YyNuCClJkqwhmsl5aBZJnxsTKHgX7Gu0ojmWS8MqIugHt:It7+YJCCvkEsloxTHZojmWhDg

Static task
- static1

Behavioral task
- behavioral1
  - Sample: 46004e5408d63486737753e360a3c9ef74246163497c920d1ac7aa504c488e54.msi
  - Resource: win7-20240729-en

Behavioral task
- behavioral2
  - Sample: 46004e5408d63486737753e360a3c9ef74246163497c920d1ac7aa504c488e54.msi
  - Resource: win10v2004-20241007-en

Malware Config
Extracted
- remcos
- Teddy
- adminitpal.com:8080
- adminitpal.com:443
- audio_folder: MicRecords
- audio_path: ApplicationPath
- audio_record_time: 5
- connect_delay: 5
- connect_interval: 1
- copy_file: remcos.exe
- copy_folder: Remcos
- delete_file: false
- hide_file: false
- hide_keylog_file: false
- install_flag: false
- keylog_crypt: false
- keylog_file: logs.dat
- keylog_flag: false
- keylog_folder: putty
- mouse_option: false
- mutex: tRvr-YKFHJK
- screenshot_crypt: false
- screenshot_flag: true
- screenshot_folder: Putty
- screenshot_path: %AppData%
- screenshot_time: 1
- startup_value
- take_screenshot_option: false
- take_screenshot_time: 5
- take_screenshot_title: notepad;chrome;edge;

Targets
- Target: 46004e5408d63486737753e360a3c9ef74246163497c920d1ac7aa504c488e54.msi
- Size: 2.8MB
- MD5: a2a7ff35bd33480418bd39e0832d0875
- SHA1: 8cd2ec2310b1240ffa9944631c409e658cea03a7
- SHA256: 46004e5408d63486737753e360a3c9ef74246163497c920d1ac7aa504c488e54
- SHA512: 20b4bcc20bdd3d40ec0d2d3f8531615c5fce78339784dd8f346e6aeccdca8307f472e59d9f246daeb1e1a4343c9d6d53f83b2deb7eb21f5b4035b2d083ad037c
- SSDEEP: 49152:IiSoOl+YyNuCClJkqwhmsl5aBZJnxsTKHgX7Gu0ojmWS8MqIugHt:It7+YJCCvkEsloxTHZojmWhDg
- Remcos family
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext