General
-
Target
tmp
-
Size
469KB
-
Sample
220919-gn14gsfben
-
MD5
ad56d2cba38724cdf1f46c4527db73cd
-
SHA1
771f9810e74f7bc0d5db969cc9bf18fd50e95452
-
SHA256
39c927965e14fb38c14b82c66c398f9cac1343d450db26e43c763b08a764b04b
-
SHA512
0a28fb71c71ac4f3a88e75b0f4fe0baeb2a0843fc9707da12e8c2f4922f51f5e80fee7ce6e0c6299164a5c17cc3e61cec121f6598f0a10d952a532b65cd1d163
-
SSDEEP
12288:Omnk7iLJbpIpiRL6I2WhSKQ9ZsfZQSfAn9:2iLJbpI7I2WhQqZ749
Malware Config
Extracted
remcos
Spanish Money
51.210.137.26:3345
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
testing.exe
-
delete_file
false
-
hide_file
true
-
hide_keylog_file
true
-
install_flag
true
-
install_path
%AppData%
-
keylog_crypt
false
-
keylog_file
nvswe.dat
-
keylog_flag
false
-
keylog_folder
fxxgjhkj
-
mouse_option
false
-
mutex
testing-YUTJTX
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
dffghhj
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
tmp
-
Size
469KB
-
MD5
ad56d2cba38724cdf1f46c4527db73cd
-
SHA1
771f9810e74f7bc0d5db969cc9bf18fd50e95452
-
SHA256
39c927965e14fb38c14b82c66c398f9cac1343d450db26e43c763b08a764b04b
-
SHA512
0a28fb71c71ac4f3a88e75b0f4fe0baeb2a0843fc9707da12e8c2f4922f51f5e80fee7ce6e0c6299164a5c17cc3e61cec121f6598f0a10d952a532b65cd1d163
-
SSDEEP
12288:Omnk7iLJbpIpiRL6I2WhSKQ9ZsfZQSfAn9:2iLJbpI7I2WhQqZ749
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-