General
Target: Remcos Professional Cracked By Alcatraz3222.exe
Size: 17.7MB
Sample: 240701-v6ng1a1ajc
MD5: 6e666074d66b2f28bf4b761cebf21a82
SHA1: 79023d7fccda2e7c6fdee339a6fa3d467c120ee6
SHA256: 774cac1c07b72d4a0a97f4885156788e5bcb76888e99b4271c3d25fb61a92518
SHA512: be8cf140dbc41cf7653b5705b0e0ec4e66be3c12afad2e21e15e29401bf1e98b301191a68c3bf6dd3309161a98f0945ba3e8bf546dbd18db1b82640272ef6795
SSDEEP: 393216:aYuGvV8EHb+in8f4Zg41+Q4AXf5ZZcyfHDMxVpSc+q+eOFxdx:zKqSi8fN4sAXfrZcyfo7p0eYHx
Static task: static1
Behavioral task: behavioral1
Sample: Remcos Professional Cracked By Alcatraz3222.exe
Resource: win10v2004-20240508-en
Behavioral task: behavioral2
Sample: Remcos Professional Cracked By Alcatraz3222.exe
Resource: win11-20240611-en
Malware Config
Extracted
njrat
0.7d
HacKed
dllsys.duckdns.org:3202
3b570ffeeb3d34249b9a5ce0ee58a328
reg_key: 3b570ffeeb3d34249b9a5ce0ee58a328
splitter: svchost
Targets
Target: Remcos Professional Cracked By Alcatraz3222.exe
Modifies Windows Firewall
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Suspicious use of SetThreadContext