General
-
Target
Remittance.ace
-
Size
973KB
-
Sample
220518-n5kamacbgp
-
MD5
27c3a088297fbb2ecf5a6649082c389e
-
SHA1
da6e671284937e20d9db8e819fb58a1de63da346
-
SHA256
401396787f52f61223254223e4e47ac3b44f18285ee00bc8c0afa7b76c60009b
-
SHA512
d7874093806e7b347f436f4b4d4bcb8d3439c3bdc00904c3d1aa7585f96453cda64a4f080f0c71b30cefcf60cdb4c8dd4396c4cee763b33e97445c3ea422f4da
Malware Config
Extracted
remcos
3.3.2 Pro
RemoteHost
elzy.ddns.net:2014
-
audio_folder
MicRecords
-
audio_path
%AppData%
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
true
-
hide_keylog_file
false
-
install_flag
false
-
install_path
%AppData%
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
keylog_path
%AppData%
-
mouse_option
false
-
mutex
Remcos-V3HBZR
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
Remcos
-
take_screenshot_option
false
-
take_screenshot_time
5
-
take_screenshot_title
notepad;solitaire;
Targets
-
-
Target
Remittance.exe
-
Size
1.1MB
-
MD5
b000082824d51bda81b046be122a02f7
-
SHA1
98e81fc7abebbc17198d94625b85f75d7c7011ae
-
SHA256
d79a3905e74be12a90010d43149399e3217faa91354e0ce4ca083c600e295b38
-
SHA512
b76b7564b8bcd4714066099ea3660018a760f143dc657c06da401a0ddd3df84858d38858ac5df3af51bb8d7b1cb6ca3d08de6f40ea8361f29c50c2264ebafb04
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Detected potential entity reuse from brand microsoft.
-
Suspicious use of SetThreadContext
-