General
-
Target
Backdoor.exe
-
Size
92KB
-
Sample
240630-y79y6sxgmj
-
MD5
1ae56ec879a82b9d0b34637cdbb498ef
-
SHA1
523c2d5e3864c0be7593f7cb8d3cc5ef8391eba0
-
SHA256
5abf99b5cb761cf5e1b14a3cf9f0edfff6b932592772aa422e2d1a691fe25432
-
SHA512
4a5d836330d0e3a8451a83b31c9b122f6b0aff27a58ea97f8a07bb9dc22c19835b80e5588957551da645e5c7299193e32945287e709dd8579d30ec89fdb27bf7
-
SSDEEP
1536:ohhW0YTGZWdVseJxaM9kraLdV2QkQ1TbPX8IHOCkIsI4ESHNTh9E+JP19qkP6XrE:uhzYTGWVvJ8f2v1TbPzuMsIFSHNThy+D
Behavioral task
behavioral1
Sample
Backdoor.exe
Resource
win10-20240404-en
Malware Config
Extracted
remcos
1.7 Pro
Host
185.254.97.15:2404
-
audio_folder
audio
-
audio_path
%AppData%
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
remcos
-
delete_file
false
-
hide_file
true
-
hide_keylog_file
true
-
install_flag
true
-
install_path
%SystemDrive%
-
keylog_crypt
true
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
keylog_path
%AppData%
-
mouse_option
false
-
mutex
remcos_rukbdcxfoo
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screens
-
screenshot_path
%AppData%
-
screenshot_time
1
-
startup_value
remcos
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
Backdoor.exe
-
Size
92KB
-
MD5
1ae56ec879a82b9d0b34637cdbb498ef
-
SHA1
523c2d5e3864c0be7593f7cb8d3cc5ef8391eba0
-
SHA256
5abf99b5cb761cf5e1b14a3cf9f0edfff6b932592772aa422e2d1a691fe25432
-
SHA512
4a5d836330d0e3a8451a83b31c9b122f6b0aff27a58ea97f8a07bb9dc22c19835b80e5588957551da645e5c7299193e32945287e709dd8579d30ec89fdb27bf7
-
SSDEEP
1536:ohhW0YTGZWdVseJxaM9kraLdV2QkQ1TbPX8IHOCkIsI4ESHNTh9E+JP19qkP6XrE:uhzYTGWVvJ8f2v1TbPzuMsIFSHNThy+D
Score10/10-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-