General
-
Target
38f60deb7aa0d23b870d6e6d9a07d128.exe
-
Size
469KB
-
Sample
220911-jjnzgabcb7
-
MD5
38f60deb7aa0d23b870d6e6d9a07d128
-
SHA1
9bf18d1057eaa239733cf8134ba04be2a0a89a14
-
SHA256
89adcb90dcc56d8e5b6cab4fce35a7ea8619ed9d47a5a947aaf4f34cb42c5021
-
SHA512
848851b0f312aa4332884f6d1568c3b675970693bcedffb8b42a82e77da74b64dd0502edf5961d91bfb3b47222e7905034ae74421a8b394a3c0394fd450822ae
-
SSDEEP
12288:Omnk7iLJbpIpiRL6I2WhSKQ9ZsfZQSMMn9:2iLJbpI7I2WhQqZ7MM9
Malware Config
Extracted
remcos
System32 file R
109.70.144.79:2000
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
System32 file
-
copy_folder
System32 file
-
delete_file
false
-
hide_file
true
-
hide_keylog_file
false
-
install_flag
true
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-CZIR18
-
screenshot_crypt
false
-
screenshot_flag
true
-
screenshot_folder
Screenshots
-
screenshot_path
%WinDir%\System32
-
screenshot_time
10
-
startup_value
System32 file
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
38f60deb7aa0d23b870d6e6d9a07d128.exe
-
Size
469KB
-
MD5
38f60deb7aa0d23b870d6e6d9a07d128
-
SHA1
9bf18d1057eaa239733cf8134ba04be2a0a89a14
-
SHA256
89adcb90dcc56d8e5b6cab4fce35a7ea8619ed9d47a5a947aaf4f34cb42c5021
-
SHA512
848851b0f312aa4332884f6d1568c3b675970693bcedffb8b42a82e77da74b64dd0502edf5961d91bfb3b47222e7905034ae74421a8b394a3c0394fd450822ae
-
SSDEEP
12288:Omnk7iLJbpIpiRL6I2WhSKQ9ZsfZQSMMn9:2iLJbpI7I2WhQqZ7MM9
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-