General
Target: 50cf2b84679ea401530b7e30d16f166b.bin
Size: 16KB
Sample: 240630-chn5hssbqh
MD5: d6c9791d41b247051b5315513bd1f784
SHA1: e459dbaa31f45d1915e1767616f544cae346678a
SHA256: 72a61910d0ce3c1796c072b1b7a14574918d3b1e5d5b23727ca8d55473ac3d57
SHA512: 1bf65e7b97b091d877ef777054c8d87ab4addfe8fdce2f57f7e0f93780da62f7b429cd386bc50178f8c55f4ca5ebdd69e16bdec0279f26c2070140f2e9058115
SSDEEP: 192:bjB+wz1BfO6+br0HYWNYs4C2hzPY2SW8mVYl/I86wgMzVgidTp01d3IfTe3j+ZtQ:B3xBG9i1rqzgSap6gvFpmGfTeSW0i
Static task
static1

Behavioral task
behavioral1
Sample: 0738981879dde83f3a14602cfa2842e934a11c5339b460a8dd4c57c778221ddd.exe
Resource: win7-20240611-en

Behavioral task
behavioral2
Sample: 0738981879dde83f3a14602cfa2842e934a11c5339b460a8dd4c57c778221ddd.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted
Family: remcos
RemoteHost: 107.173.62.181:17120
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Rmc-F9ZGZ8
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
take_screenshot_option: false
take_screenshot_time: 5
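The extracted configuration above turned into concrete host and network indicators and checked against endpoint telemetry, as an added Python example that is not part of the sandbox report. The config values are copied from the report; the telemetry events are constructed for illustration. Three things are assumptions rather than facts stated on the page: that a RemoteHost field may join several fallback hosts with "|", that the mutex name is used as-is at start-up, and that the self-copy and offline keylog files only appear when install_flag and keylog_flag are set (both are false here, so those two paths are derived but treated as dormant). The Run key named in the signatures is not modelled because the report does not give its value.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Values copied from the "Malware Config" section of this report.
REMCOS_CONFIG = {
    "RemoteHost": "107.173.62.181:17120",
    "mutex": "Rmc-F9ZGZ8",
    "install_flag": False,
    "copy_folder": "Remcos",
    "copy_file": "remcos.exe",
    "keylog_flag": False,
    "keylog_folder": "remcos",
    "keylog_file": "logs.dat",
}

# Constructed telemetry for illustration (not from the sandbox run).
SAMPLE_EVENTS = [
    {"type": "network", "dst": "107.173.62.181", "dport": 17120},
    {"type": "network", "dst": "93.184.216.34", "dport": 443},
    {"type": "mutex", "name": "Rmc-F9ZGZ8"},
    {"type": "file", "path": r"C:\Users\bob\AppData\Roaming\Remcos\remcos.exe"},
]


@dataclass
class Indicator:
    kind: str     # "c2", "mutex" or "file"
    value: str
    active: bool  # False when the config flag that would create it is off
    note: str


def parse_remote_host(value: str) -> list[tuple[str, int]]:
    """Split RemoteHost into (host, port) pairs.

    Assumption: a config may join several fallback hosts with '|'; this
    sample has one. A missing host or out-of-range port is a parse error.
    """
    pairs = []
    for entry in value.split("|"):
        host, _, port = entry.strip().rpartition(":")
        if not host or not port.isdigit() or not 1 <= int(port) <= 65535:
            raise ValueError(f"malformed RemoteHost entry: {entry!r}")
        pairs.append((host, int(port)))
    return pairs


def derive_indicators(cfg: dict) -> list[Indicator]:
    """Map config fields to host and network artifacts worth hunting for."""
    inds = [Indicator("c2", f"{h}:{p}", True, "C2 socket from RemoteHost")
            for h, p in parse_remote_host(cfg["RemoteHost"])]
    # Assumption: the mutex name is used as-is at start-up, regardless of flags.
    inds.append(Indicator("mutex", cfg["mutex"], True, "start-up mutex"))
    # Assumption: the copy and keylog paths exist only when their flag is set.
    for flag, folder, fname, what in (
        ("install_flag", "copy_folder", "copy_file", "self-copy"),
        ("keylog_flag", "keylog_folder", "keylog_file", "offline keylog"),
    ):
        on = bool(cfg[flag])
        note = what if on else f"{what} (dormant: {flag} is false)"
        path = "\\".join(["%AppData%", cfg[folder], cfg[fname]])
        inds.append(Indicator("file", path, on, note))
    return inds


def _path_pattern(template: str) -> re.Pattern:
    # %AppData% expands to ...\Users\<name>\AppData\Roaming on a default install.
    tail = template.replace("%AppData%", "", 1)
    return re.compile(r"\\appdata\\roaming" + re.escape(tail), re.IGNORECASE)


def match_telemetry(indicators: list[Indicator], events: list[dict]) -> list[tuple]:
    """Return (indicator, event) pairs for events that hit an active indicator."""
    hits = []
    for ind in indicators:
        if not ind.active:
            continue  # dormant artifacts would only add noise to alerts
        for ev in events:
            if ind.kind == "c2" and ev["type"] == "network":
                if f"{ev['dst']}:{ev['dport']}" == ind.value:
                    hits.append((ind, ev))
            elif ind.kind == "mutex" and ev["type"] == "mutex":
                if ev["name"] == ind.value:
                    hits.append((ind, ev))
            elif ind.kind == "file" and ev["type"] == "file":
                if _path_pattern(ind.value).search(ev["path"]):
                    hits.append((ind, ev))
    return hits


if __name__ == "__main__":
    for ind, ev in match_telemetry(derive_indicators(REMCOS_CONFIG), SAMPLE_EVENTS):
        print(f"{ind.kind:5} {ind.value:32} <- {ev}")
```

With this sample's flags the C2 socket and the mutex are the only live indicators; the Remcos\remcos.exe file event in the constructed telemetry is deliberately not reported, because install_flag is false and a hit on that path would point at a different build of the config. Flip install_flag to true and the same event becomes a hit.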
Targets
Target: 0738981879dde83f3a14602cfa2842e934a11c5339b460a8dd4c57c778221ddd.exe
Size: 95KB
MD5: 50cf2b84679ea401530b7e30d16f166b
SHA1: 1720348ae4b55ce19a252e2161c6eb0684ebea10
SHA256: 0738981879dde83f3a14602cfa2842e934a11c5339b460a8dd4c57c778221ddd
SHA512: 273a2fe9402a237314dce9937a1ec0c36cdcef8a0e2820dcaf40382061fa7fc85ef9df7bfba0b237b40eb10d4ecc236eb650f528400860dd309666c1a1d519b1
SSDEEP: 1536:mOhzJDZr9BzDNATEk9UbTV0+gRLVNI6e:lhzbrjDNATEkebh0BRk6e
Note: the 16KB .bin under General is named after this executable's MD5 but carries different hashes and size; the two are distinct files.
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Suspicious use of SetThreadContext