General
- Target: bb939a5d9535a87231e5a91e1f23121159c7bd6f38013a69d3313dda4a424f41.exe
- Size: 1.3MB
- Sample: 240705-xrk5fatckk
- MD5: 742a768aa785a7bb86c1e8f3cd04bc7a
- SHA1: 84b3fe357e4e5c312e411c654d20d81a65a54dda
- SHA256: bb939a5d9535a87231e5a91e1f23121159c7bd6f38013a69d3313dda4a424f41
- SHA512: 12c941e0b4719002fa472914e250c3a0d03cfc62db9e8431f02169cd3d28d414259e6bc4e64ff3852489df92885f980a7d4b7e00a3d1808c1ea56b5771878ec5
- SSDEEP: 24576:a5F0hmBDkZvdq+rixY/DFpNTvCkV0uf5ZmH1Ova3P01vUCwbi:ncI/XGxYFvCkCua1v35
Static task: static1

Behavioral task: behavioral1
- Sample: bb939a5d9535a87231e5a91e1f23121159c7bd6f38013a69d3313dda4a424f41.exe
- Resource: win7-20240704-en
Malware Config

Extracted
- remcos
- MEXICO
- 64.188.26.202:1604

- audio_folder: MicRecords
- audio_record_time: 5
- connect_delay: 0
- connect_interval: 1
- copy_file: Vexploio.exe
- copy_folder: Vexplo
- delete_file: false
- hide_file: false
- hide_keylog_file: false
- install_flag: false
- keylog_crypt: false
- keylog_file: logs.dat
- keylog_flag: false
- keylog_folder: remcos
- mouse_option: false
- mutex: Rmc-N6A3VJ
- screenshot_crypt: false
- screenshot_flag: false
- screenshot_folder: Screenshots
- screenshot_path: %AppData%
- screenshot_time: 10
- take_screenshot_option: false
- take_screenshot_time: 5
Targets
- Target: bb939a5d9535a87231e5a91e1f23121159c7bd6f38013a69d3313dda4a424f41.exe
- Size: 1.3MB
- MD5: 742a768aa785a7bb86c1e8f3cd04bc7a
- SHA1: 84b3fe357e4e5c312e411c654d20d81a65a54dda
- SHA256: bb939a5d9535a87231e5a91e1f23121159c7bd6f38013a69d3313dda4a424f41
- SHA512: 12c941e0b4719002fa472914e250c3a0d03cfc62db9e8431f02169cd3d28d414259e6bc4e64ff3852489df92885f980a7d4b7e00a3d1808c1ea56b5771878ec5
- SSDEEP: 24576:a5F0hmBDkZvdq+rixY/DFpNTvCkV0uf5ZmH1Ova3P01vUCwbi:ncI/XGxYFvCkCua1v35

- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext