General
-
Target
36e6408418b7aaf111df490e9acde8323059278fd0e534214b767d1102b64b48
-
Size
307KB
-
Sample
220521-n7esxsegc2
-
MD5
478c3cd4eddf47c43eb989aa941664ec
-
SHA1
8daa21c6a8edd1a12c2dca7dd8f9a49f682b4744
-
SHA256
36e6408418b7aaf111df490e9acde8323059278fd0e534214b767d1102b64b48
-
SHA512
7cfaad7e28de8a8ed27c5846fd617338a953d5c0be1c3480029162ff043585beb7aa8f3c73c5f27152cd3ec0378451d9f0c7674bcdb610e70b37d9ae4fdaddb7
Malware Config
Extracted
remcos
2.5.0 Pro
RemoteHost
isp.remcosagent.dns-cloud.net:2528
-
audio_folder
MicRecords
-
audio_path
%AppData%
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
install_path
%AppData%
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
keylog_path
%AppData%
-
mouse_option
false
-
mutex
Remcos-HK10DL
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
remcos
-
take_screenshot_option
false
-
take_screenshot_time
5
-
take_screenshot_title
wikipedia;solitaire;
Targets
-
-
Target
quotation_company profile01.exe
-
Size
355KB
-
MD5
6816cd26e16b97cfcd0e6e5718c103e2
-
SHA1
0718ffb992b4f43a353cba5626aff0438410e106
-
SHA256
7aa8cc9565186d8093b6c5d4162218c3604d8cb573943de20ae45edb5635ad1c
-
SHA512
db4c2acb3aec7a78f3836d56ec89c23d2c600eac949a00058c5d8c7276585b8bac530c65516ddfcf6402291f0cb2450d2e0e35f9fc558de9552a036eaea39240
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Drops startup file
-
Detected potential entity reuse from brand microsoft.
-
Suspicious use of SetThreadContext
-