General
-
Target
tmp/4a843bea699f8a40ae3b92c04e01139d61880ce1c519e369a966e814593d1d81.dll
-
Size
463KB
-
Sample
211203-qkmw5abgb5
-
MD5
a603a8a69bbcd08f4899a605ab1c68e4
-
SHA1
59f7a2f88a8a3fc13f685672b72506b28ba1614e
-
SHA256
4a843bea699f8a40ae3b92c04e01139d61880ce1c519e369a966e814593d1d81
-
SHA512
367238cbdaadbfbe42e08da5596f44efb00844505b7a415a57fd3a2d969b8ca83ac4b6ab3c0a4f6c348d9fec0229baee760bb0798768325710a7e70a3f8a4612
Malware Config
Extracted
remcos
3.3.2 Pro
remrem102
18.218.132.40:2404
-
audio_folder
MicRecords
-
audio_path
%AppData%
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
true
-
install_flag
false
-
install_path
%AppData%
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
jre
-
keylog_path
%AppData%
-
mouse_option
false
-
mutex
Remcos-QIKEGJ
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
Remcos
-
take_screenshot_option
false
-
take_screenshot_time
5
-
take_screenshot_title
notepad;solitaire;
Targets
-
-
Target
tmp/4a843bea699f8a40ae3b92c04e01139d61880ce1c519e369a966e814593d1d81.dll
-
Size
463KB
-
MD5
a603a8a69bbcd08f4899a605ab1c68e4
-
SHA1
59f7a2f88a8a3fc13f685672b72506b28ba1614e
-
SHA256
4a843bea699f8a40ae3b92c04e01139d61880ce1c519e369a966e814593d1d81
-
SHA512
367238cbdaadbfbe42e08da5596f44efb00844505b7a415a57fd3a2d969b8ca83ac4b6ab3c0a4f6c348d9fec0229baee760bb0798768325710a7e70a3f8a4612
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
UAC bypass
-
Suspicious use of SetThreadContext
-