General
-
Target
c557af22044eaf1eafbe570f708695970ad43efeaca212f6a18c3c62e29c3a0d
-
Size
741KB
-
Sample
220121-29rr6achcq
-
MD5
33b020831073aa2daed2f89573487af8
-
SHA1
b5385a01025431b88b4140538f6885904a496471
-
SHA256
c557af22044eaf1eafbe570f708695970ad43efeaca212f6a18c3c62e29c3a0d
-
SHA512
a629fe3aea2717ca5dc4396af12b091801337021b829fdcc529a6f7e5106c249b0715902897da64aa7ee00935350b49e1c6a513819a6e112927962f580e096f8
Malware Config
Extracted
remcos
2.5.0 Pro
TREINTAYSIETE
treintaysieteremc.duckdns.org:1011
-
audio_folder
MicRecords
-
audio_path
%AppData%
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
install_path
%AppData%
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
keylog_path
%AppData%
-
mouse_option
false
-
mutex
Remcos-UJ9U6Z
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
remcos
-
take_screenshot_option
false
-
take_screenshot_time
5
-
take_screenshot_title
wikipedia;solitaire;
Targets
-
-
Target
c557af22044eaf1eafbe570f708695970ad43efeaca212f6a18c3c62e29c3a0d
-
Size
741KB
-
MD5
33b020831073aa2daed2f89573487af8
-
SHA1
b5385a01025431b88b4140538f6885904a496471
-
SHA256
c557af22044eaf1eafbe570f708695970ad43efeaca212f6a18c3c62e29c3a0d
-
SHA512
a629fe3aea2717ca5dc4396af12b091801337021b829fdcc529a6f7e5106c249b0715902897da64aa7ee00935350b49e1c6a513819a6e112927962f580e096f8
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Blocklisted process makes network request
-
Loads dropped DLL
-