General
-
Target
AW QUOTE 21505 HQ1-Scan-068703_PDF.rar
-
Size
636KB
-
Sample
210920-jzfm2adch8
-
MD5
a84b3e1af950f42543608d6a6cd18a46
-
SHA1
58c6840a86f2372c8329f8bc38c355cf1761d64e
-
SHA256
5fa711a4d33c6a814f57c9396245a924d8761b0c336da3e924d6cf866c84a9d4
-
SHA512
7b0747b576bcf5fdab4e7d638bf8b1437120856782f287ee29b7281ca5c3cc937d3ddb37fb760e3348aafea81d4271d6a36b7da56b8ddaba8038f99f52cb40a4
Malware Config
Extracted
remcos
3.2.1 Pro
crd2
103.114.136:2405
-
audio_folder
MicRecords
-
audio_path
%AppData%
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
install_path
%AppData%
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
keylog_path
%AppData%
-
mouse_option
false
-
mutex
win-9PIVYS
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
Remcos
-
take_screenshot_option
false
-
take_screenshot_time
5
-
take_screenshot_title
notepad;solitaire;
Targets
-
-
Target
AW QUOTE 21505 HQ1-Scan-068703_PDF.exe
-
Size
1.2MB
-
MD5
0d9247623d85ba75b83f909d98caae11
-
SHA1
1377ea7e6b909283bb4b4457aea6801aca70d552
-
SHA256
5cddd352c21b35aa01f2353d74e3dedef3bde4b4dee56e61c696319ec9237b36
-
SHA512
c451a33bbacc1e0b2f1f9dc01f7fc684835fb57a5b17384a161f88ab531411648927b74fe3dc8b4f2c56d88cde6bb81fd24715e11b6793645b7d9ca80767cacc
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
UAC bypass
-
Detected potential entity reuse from brand microsoft.
-
Suspicious use of SetThreadContext
-