General
-
Target
AW QUOTE 6677 HQ1-Scan-068703_PDF.rar
-
Size
779KB
-
Sample
210920-jzfyssdch9
-
MD5
911ff402bd84cf853438795af8acbdc1
-
SHA1
4b8f38d548f68e54e6e7b414714fa654d069406c
-
SHA256
4ce4fd04bd63cd1196883abe8d581b987fc10a52215515d6f040128a523324aa
-
SHA512
9292215c24af96857bf36b3f936b1dd30b36aa1341769544c5fb988f1b1bc14ba495e13187f8a666b024834a6c4fb0e58ad4a8548ee385cbe37becb52a3dd58d
Malware Config
Extracted
remcos
3.2.1 Pro
rdcrd
103.114.104.136:2404
-
audio_folder
MicRecords
-
audio_path
%AppData%
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
Vlc.exe
-
copy_folder
VLC
-
delete_file
true
-
hide_file
true
-
hide_keylog_file
true
-
install_flag
true
-
install_path
%WinDir%\System32
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
system3
-
keylog_path
%AppData%
-
mouse_option
false
-
mutex
system32-AW6YV1
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
system32
-
take_screenshot_option
false
-
take_screenshot_time
5
-
take_screenshot_title
notepad;solitaire;
Targets
-
-
Target
AW QUOTE 6677 HQ1-Scan-068703_PDF.exe
-
Size
1.6MB
-
MD5
8b7fed1914705666e4826519ebf2ebe7
-
SHA1
7916166229867d620b4b07a359d0bf92e6574b47
-
SHA256
4ccfbfb6751aca04fdefe4f96f95a322ac9684d62dd79c5f7d142c24f30eb5e8
-
SHA512
e602fd1acd3be2513d63e6335c564b17232ac9396d82818868e84534bc09ba57a8ce71db90cbe307bffb2cd13acaca580eaa59f7ea56f3b1d3494c56248ca1e1
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
UAC bypass
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Detected potential entity reuse from brand microsoft.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-