General
Target: ImmediatePaymentNotification.exe
Size: 3.0MB
Sample: 240610-m4ccysgd2z
MD5: 1efdc3f1d20945f78d6cb0294b5020c0
SHA1: 126885f891bb2040d177923ac20fddeaec641db4
SHA256: fe0f89d0d396ef2fcf0f3511feca351174464a44e4555a97030820628c776b29
SHA512: 9adf910c9f23197657e56011b40dce1b9b68582d416e5d4b7399e4740f23d357bfbd96399ea630665134e7c954665974064bfdf3a20056c0dede351d5660fe83
SSDEEP: 49152:nkridHa2kfPk71U/USq2wWQl3QQily0Y7hCOUVoyNlDDFAjrb/Nfdy/cUhojbThy:nkidbkfc+fPQlBjCNxDSPb/NVaGTh
Static task: static1
Behavioral task: behavioral1 (Sample: ImmediatePaymentNotification.exe, Resource: win7-20231129-en)
Behavioral task: behavioral2 (Sample: ImmediatePaymentNotification.exe, Resource: win10v2004-20240426-en)
Malware Config
Extracted: remcos
Host: goodmoneyi.net:2467
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Rmc-7U70XY
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
take_screenshot_option: false
take_screenshot_time: 5
Note: install_flag, keylog_flag and screenshot_flag are all false, so the copy_*, keylog_* and screenshot_* entries are builder defaults that this configuration will not cause the payload to write to disk; the C2 host:port and the mutex name are the actionable indicators in this config.
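As an added example (not code from the sandbox report or from the Remcos project), the Python below turns the extracted configuration into the indicator set worth hunting for, gating the file-system artifacts on the matching *_flag values so that disabled defaults do not become false-positive IOCs, and checks a file's digests against the hashes in the report. Assumptions: folder and file names are joined with a backslash, the report lists no install base directory (so install_path stays relative), and the Host field is treated as a ';'-separated list even though this report shows a single entry.

```python
"""Derive host/network IOCs from the Remcos config extracted above.

Added example; not part of the sandbox report or of Remcos itself.
"""
import hashlib

# Values copied from the report's "Malware Config" section (flags kept as the
# report prints them, i.e. the strings "true"/"false").
REMCOS_CONFIG = {
    "Host": "goodmoneyi.net:2467",
    "copy_file": "remcos.exe",
    "copy_folder": "Remcos",
    "install_flag": "false",
    "keylog_file": "logs.dat",
    "keylog_folder": "remcos",
    "keylog_flag": "false",
    "mutex": "Rmc-7U70XY",
    "screenshot_flag": "false",
    "screenshot_folder": "Screenshots",
    "screenshot_path": "%AppData%",
}

# File hashes from the report's "General" section.
REPORT_HASHES = {
    "md5": "1efdc3f1d20945f78d6cb0294b5020c0",
    "sha1": "126885f891bb2040d177923ac20fddeaec641db4",
    "sha256": "fe0f89d0d396ef2fcf0f3511feca351174464a44e4555a97030820628c776b29",
}


def is_enabled(cfg, key):
    """Interpret a config flag; anything other than true/1/yes counts as off."""
    return str(cfg.get(key, "false")).strip().lower() in ("true", "1", "yes")


def parse_hosts(host_field):
    """Split a 'host:port' field into (host, port) tuples.

    Assumption: several C2 entries may be separated by ';' (this report has one).
    """
    entries = []
    for item in host_field.split(";"):
        item = item.strip()
        if not item:
            continue
        host, _, port = item.rpartition(":")
        if not host or not port.isdigit():
            raise ValueError(f"malformed C2 entry: {item!r}")
        entries.append((host, int(port)))
    return entries


def derive_iocs(cfg):
    """Return only the artifacts this config would actually produce.

    copy_*, keylog_* and screenshot_* values are emitted only when the
    matching *_flag is on; otherwise they are builder defaults that never
    touch disk and would only generate false positives in a hunt.
    """
    iocs = {
        "c2": parse_hosts(cfg["Host"]),
        "mutex": cfg["mutex"],
        "install_path": None,   # relative: the report gives no install base dir
        "keylog_path": None,
        "screenshot_dir": None,
    }
    if is_enabled(cfg, "install_flag"):
        iocs["install_path"] = cfg["copy_folder"] + "\\" + cfg["copy_file"]
    if is_enabled(cfg, "keylog_flag"):
        iocs["keylog_path"] = cfg["keylog_folder"] + "\\" + cfg["keylog_file"]
    if is_enabled(cfg, "screenshot_flag"):
        iocs["screenshot_dir"] = cfg["screenshot_path"] + "\\" + cfg["screenshot_folder"]
    return iocs


def hash_bytes(data):
    """MD5/SHA1/SHA256 of a byte string, for matching a file against the report."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data, expected=REPORT_HASHES):
    """True only if every listed digest matches (a partial match is a mismatch)."""
    got = hash_bytes(data)
    return all(got[name] == digest.lower() for name, digest in expected.items())


if __name__ == "__main__":
    for key, value in derive_iocs(REMCOS_CONFIG).items():
        print(f"{key}: {value}")
```

Run against the report's config, derive_iocs yields only the C2 (goodmoneyi.net, 2467) and the mutex Rmc-7U70XY; flipping install_flag, keylog_flag or screenshot_flag to true is what makes the corresponding paths appear, which is the check to make before turning any copy_*, keylog_* or screenshot_* value from a Remcos config into a file-path detection.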
Targets
Target: ImmediatePaymentNotification.exe
Size: 3.0MB
MD5: 1efdc3f1d20945f78d6cb0294b5020c0
SHA1: 126885f891bb2040d177923ac20fddeaec641db4
SHA256: fe0f89d0d396ef2fcf0f3511feca351174464a44e4555a97030820628c776b29
SHA512: 9adf910c9f23197657e56011b40dce1b9b68582d416e5d4b7399e4740f23d357bfbd96399ea630665134e7c954665974064bfdf3a20056c0dede351d5660fe83
SSDEEP: 49152:nkridHa2kfPk71U/USq2wWQl3QQily0Y7hCOUVoyNlDDFAjrb/Nfdy/cUhojbThy:nkidbkfc+fPQlBjCNxDSPb/NVaGTh
Score: 10/10
Signatures:
Adds Run key to start application (persistence through a Run registry value observed in the behavioral tasks)
Suspicious use of SetThreadContext (an API commonly used by loaders to redirect execution in another process, e.g. process hollowing)