General
Target: 34cad56539e803ceb0148995edde88a1.exe
Size: 646KB
Sample: 200716-5lst814n5n
MD5: 34cad56539e803ceb0148995edde88a1
SHA1: 5b3b216e3ab8b5223534e5dc7e545604740d9951
SHA256: f412da03defe68cc6e1f264449adf519a4c5470c51e7b502854f7fbf358f8516
SHA512: 4a3c6c7de06af36d2fef785f2af170b5edafdab5963e9d520f58c5e5a119fc65e683347c831b3664b71bcf3b84099028ada3c492057214711dda60e861558dda
Static task: static1
Behavioral task: behavioral1
Sample: 34cad56539e803ceb0148995edde88a1.exe
Resource: win7
Behavioral task: behavioral2
Sample: 34cad56539e803ceb0148995edde88a1.exe
Resource: win10
Malware Config
Extracted
remcos
185.140.53.209:1990
Targets
Target: 34cad56539e803ceb0148995edde88a1.exe
Score: 10/10
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext