General
-
Target
Vidoe001mp4.scr signed FAT11 d.o.o
-
Size
1.2MB
-
Sample
201023-bg9x3mpdzn
-
MD5
0d0c318096299a617f70ea57559c4f55
-
SHA1
8199b12cc24d416cb8835b5e3d00b92339ad9b45
-
SHA256
73feac20d7cdbe1e10ca26b196d60d68ea0c4e652ceacf534b1c549e4e597e74
-
SHA512
b6cfc8df9556683cf4cbef46aa208081853d4132cee94fbcd0a6d9ee2ded5d6dd5987578093eae98c595776b51104613c5bc2e6e42bb543c2c59c2eafa012751
Malware Config
Extracted
remcos
108.174.197.5:5050
Targets
-
-
Target
Vidoe001mp4.scr signed FAT11 d.o.o
-
Size
1.2MB
-
MD5
0d0c318096299a617f70ea57559c4f55
-
SHA1
8199b12cc24d416cb8835b5e3d00b92339ad9b45
-
SHA256
73feac20d7cdbe1e10ca26b196d60d68ea0c4e652ceacf534b1c549e4e597e74
-
SHA512
b6cfc8df9556683cf4cbef46aa208081853d4132cee94fbcd0a6d9ee2ded5d6dd5987578093eae98c595776b51104613c5bc2e6e42bb543c2c59c2eafa012751
Score10/10-
Osiris
-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-