General
-
Target
d56ddb9b2cb85e97a55f366aa00f53ffa566a6aa42964e56646cfb58663afd68.exe
-
Size
748KB
-
Sample
240705-cat1sszckn
-
MD5
1a047b9b776d41ec61cc91286c27be07
-
SHA1
42f4eb3e00d258e61cf98a125d025692ac68c88a
-
SHA256
d56ddb9b2cb85e97a55f366aa00f53ffa566a6aa42964e56646cfb58663afd68
-
SHA512
58f8c02e634ca82fc95472d29e49931c15edaad03a0a81d672b72e817037a5b3419e25a0f97bef7c7f5c7d681a67e2416f3b7744656bc8ab62ce474d36d96b46
-
SSDEEP
12288:93VEnc1eUjaXZzl3azhfy4hamcUWQn3MN0KyBHyeFGjEvJ1EodxB4LP:93V3eUjaXZp3az1yUaZUXc6fBS2GjEvC
Static task
static1
Behavioral task
behavioral1
Sample
d56ddb9b2cb85e97a55f366aa00f53ffa566a6aa42964e56646cfb58663afd68.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
d56ddb9b2cb85e97a55f366aa00f53ffa566a6aa42964e56646cfb58663afd68.exe
Resource
win10v2004-20240704-en
Behavioral task
behavioral3
Sample
Arbitrational/Popgunnery/Bibliotekskredses/sknlitteraturer.oth
Resource
win7-20240611-en
Behavioral task
behavioral4
Sample
Arbitrational/Popgunnery/Bibliotekskredses/sknlitteraturer.oth
Resource
win10v2004-20240508-en
Malware Config
Extracted
remcos
thurssday
191.101.130.177:6903
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-HCF7F5
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
d56ddb9b2cb85e97a55f366aa00f53ffa566a6aa42964e56646cfb58663afd68.exe
-
Size
748KB
-
MD5
1a047b9b776d41ec61cc91286c27be07
-
SHA1
42f4eb3e00d258e61cf98a125d025692ac68c88a
-
SHA256
d56ddb9b2cb85e97a55f366aa00f53ffa566a6aa42964e56646cfb58663afd68
-
SHA512
58f8c02e634ca82fc95472d29e49931c15edaad03a0a81d672b72e817037a5b3419e25a0f97bef7c7f5c7d681a67e2416f3b7744656bc8ab62ce474d36d96b46
-
SSDEEP
12288:93VEnc1eUjaXZzl3azhfy4hamcUWQn3MN0KyBHyeFGjEvJ1EodxB4LP:93V3eUjaXZp3az1yUaZUXc6fBS2GjEvC
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
-
-
Target
Arbitrational/Popgunnery/Bibliotekskredses/sknlitteraturer.oth
-
Size
1KB
-
MD5
a776bbf47131d62b0e0ad1e7e9606ef6
-
SHA1
c8af35220a6fbb5c82d152242ea6cd2ecf135e01
-
SHA256
fcddfc05abba3bbba0aaf7623dc733af59ad9a25f109c1c47d735cec977e4219
-
SHA512
b14c93322a68da92158554d9d8ca1c8e57edd16142e58a5e2a186a7e012ced6489a4055b31cb8f6edd0703067351260a94fde25f4c84091e406f3ec6f0d3b2ba
Score 3/10