General
Target: JaffaCakes118_1fd70a9f7528d1c0a77ecbf6de91062d878be3022103efb59159f487f0322643
Size: 11.2MB
Sample: 241224-rkcltsyrbv
MD5: 45d7a3762ef548a5c942fd2449340640
SHA1: e1ee95ebe3161d30050e6d2b6d1958773c3d21c3
SHA256: 1fd70a9f7528d1c0a77ecbf6de91062d878be3022103efb59159f487f0322643
SHA512: 44b8e2c3bb900faa4c0fc1a2f0d5d1d83d0398fc3986d324b95ad95fef5b1106424ae6ffbb11882948c882e7f3c105d3bd868a974d894884a7a96d1cfa3ce04c
SSDEEP: 196608:0x+qYpUN2OXQ0z08+MSM6+dmlCtUCAqv+ZSdAzjBFrXB+msKfHo2l3:i+qN2EtzCn+dqlCAqabrRD3/D

Static task: static1
Behavioral task: behavioral1
Sample: d8cddc980098b654c3ac1c3b259063b1d23dd602c880a343987b278e0149a0ff.exe
Resource: win7-20241010-en

Malware Config
Extracted
remcos
2.5.0 Pro
GN07
g8m3cyido670ly5.club:2404
zykk5es6go3izsb.club:2404
j3wb76496fukmhj.ru:2404
6aj7sx0v4x0o7z8.ru:2404
yg9twivamv6sw0n.ru:2404
nxghej4nnhx4j8u.ru:2404
u4wqbjlplzi5hdx.ru:2404
xzpnhfvNlSjjchr.club:2404
LPBaFlDPvNSq11I.club:2404
ewgxBUwkuncJO90.club:2404
BCBNcQ393Z3HPLQ.club:2404
CEDSXoissLv2NiM.club:2404
PgqduOYXVZeNNam.xyz:2404
USd7O88wEMlUtX5.xyz:2404
pMfiryhhkiN98Px.xyz:2404
Se2Qwz60L2OxZNM.xyz:2404
GWtY0fiG58DCq6F.xyz:2404

audio_folder: MicRecords
audio_path: %AppData%
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
install_path: %AppData%
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: alocal
keylog_path: %AppData%
mouse_option: false
mutex: Remcos-7NX4GS
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
startup_value: remcos
take_screenshot_option: false
take_screenshot_time: 5
take_screenshot_title: wikipedia;solitaire;

Targets
Target: d8cddc980098b654c3ac1c3b259063b1d23dd602c880a343987b278e0149a0ff
Size: 11.6MB
MD5: 36ddc59c81a64a958522afe36db514eb
SHA1: 38a91b48f008c1f373a497958b99b55759c31e8e
SHA256: d8cddc980098b654c3ac1c3b259063b1d23dd602c880a343987b278e0149a0ff
SHA512: 30fbfdf2a72cb6dc32e3474183f7568612bf9073636b8f46c4dacc7159dcfaaaeae9b7f14099bdce127e1e4c6e76ceda95b4299d97908ebd47d43ca3de67fbe8
SSDEEP: 196608:66d/muCW+Mwsdu3Z/pSyahZZNIb/rlDn7lPAUMmEzCLzBHelLat1jNX+usduHS9+:9/LmsdutoPhZZNM/pn7eUM0Lznt1pOh9

- Remcos family
- Drops startup file
- Suspicious use of SetThreadContext