General
Target: b1a3514deefadcb5e65f913ee5360f55.bin
Size: 15KB
Sample: 240701-dlaa7sthnh
MD5: 9e80be00c62aece0703df094f8def82f
SHA1: d62e970222cc3df4acfa6fc7029bc26c5ea88769
SHA256: 767a12aba903c3382c309843125edd0132a350f36720ce66209ea20f2158711e
SHA512: 97c9c3801b5bf5b93e12ef2fd9318520d72ab6f73e475532d49d05f8b2015ba608c95455dc4c009df17dae42cdba1ef16a03ecc793ec838468b44f2275124301
SSDEEP: 384:ERKHWQB1tG/x8ByHU418n3hQXtHzGBKq4jNmPxXt7zVQhp5k:XHWQB16x8MH183GFzWKB0FVQLm

Static task: static1
Behavioral task: behavioral1
  Sample: Quotation-04 - 609967.scr
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: Quotation-04 - 609967.scr
  Resource: win10v2004-20240611-en

Malware Config
Extracted
remcos
RemoteHost
107.173.62.181:17120
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Rmc-F9ZGZ8
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
take_screenshot_option: false
take_screenshot_time: 5

Targets
Target: Quotation-04 - 609967.scr
Size: 95KB
MD5: 50cf2b84679ea401530b7e30d16f166b
SHA1: 1720348ae4b55ce19a252e2161c6eb0684ebea10
SHA256: 0738981879dde83f3a14602cfa2842e934a11c5339b460a8dd4c57c778221ddd
SHA512: 273a2fe9402a237314dce9937a1ec0c36cdcef8a0e2820dcaf40382061fa7fc85ef9df7bfba0b237b40eb10d4ecc236eb650f528400860dd309666c1a1d519b1
SSDEEP: 1536:mOhzJDZr9BzDNATEk9UbTV0+gRLVNI6e:lhzbrjDNATEkebh0BRk6e
Score: 10/10
Adds Run key to start application
Suspicious use of SetThreadContext