General
- Target: 1efdc3f1d20945f78d6cb0294b5020c0.bin
- Size: 3.0MB
- Sample: 240612-bqjdkaxelc
- MD5: 95b5f95ebb4c689df3f226b644daefbd
- SHA1: 6ec60df322290742eadfc6a50457dfa3ad920dc4
- SHA256: 221c87d1bbe86e5142152c1a40b0b2443a3c115bb1d781000acf7cde4658cddb
- SHA512: ceda68bb75ec88d82a7b1092519dc13a22faa26cc001887d657a1c7aec6b0692c6b2594aba187edb9887a97f2d0edfacfde42632cad3f86424dcef3929fcfee2
- SSDEEP: 49152:jXiIfQX/d2xxOglkj0IuBWc0O4Pkc7ufIol8d7rxdhlGZo+kBQ47Y9jN/G4yDadA:vfWGk4IuBJsjap8dYTkBvk3FdFf+Yg
Static task: static1
Behavioral task: behavioral1
- Sample: fe0f89d0d396ef2fcf0f3511feca351174464a44e4555a97030820628c776b29.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: fe0f89d0d396ef2fcf0f3511feca351174464a44e4555a97030820628c776b29.exe
- Resource: win10v2004-20240611-en
Malware Config
Extracted: remcos
- Host: goodmoneyi.net:2467
- audio_folder: MicRecords
- audio_record_time: 5
- connect_delay: 0
- connect_interval: 1
- copy_file: remcos.exe
- copy_folder: Remcos
- delete_file: false
- hide_file: false
- hide_keylog_file: false
- install_flag: false
- keylog_crypt: false
- keylog_file: logs.dat
- keylog_flag: false
- keylog_folder: remcos
- mouse_option: false
- mutex: Rmc-7U70XY
- screenshot_crypt: false
- screenshot_flag: false
- screenshot_folder: Screenshots
- screenshot_path: %AppData%
- screenshot_time: 10
- take_screenshot_option: false
- take_screenshot_time: 5
Targets
- Target: fe0f89d0d396ef2fcf0f3511feca351174464a44e4555a97030820628c776b29.exe
- Size: 3.0MB
- MD5: 1efdc3f1d20945f78d6cb0294b5020c0
- SHA1: 126885f891bb2040d177923ac20fddeaec641db4
- SHA256: fe0f89d0d396ef2fcf0f3511feca351174464a44e4555a97030820628c776b29
- SHA512: 9adf910c9f23197657e56011b40dce1b9b68582d416e5d4b7399e4740f23d357bfbd96399ea630665134e7c954665974064bfdf3a20056c0dede351d5660fe83
- SSDEEP: 49152:nkridHa2kfPk71U/USq2wWQl3QQily0Y7hCOUVoyNlDDFAjrb/Nfdy/cUhojbThy:nkidbkfc+fPQlBjCNxDSPb/NVaGTh
- Score: 10/10
- Adds Run key to start application
- Suspicious use of SetThreadContext