General
-
Target
5baa3cce5cb687ac0f9001d78217a24c8f33bbe7713de5e85e669d21a996d9f4
-
Size
300.0MB
-
Sample
221108-p6nj4sghc2
-
MD5
e4511dbd38b06be47f59500d5e2d8df3
-
SHA1
17f739c5c189d5ab042e8c9acf85f76fe94f719c
-
SHA256
5baa3cce5cb687ac0f9001d78217a24c8f33bbe7713de5e85e669d21a996d9f4
-
SHA512
e7e9e1b07470e40e53bf6fde2cc4dbd4914ffed5170ae7024fabc980e05ab9bf343a72811ab9b8b35275c6a898a369a2a06103bd995bfc29cf314367550c9b9d
-
SSDEEP
12288:81/TNU8vQHjdMMEDeoeeP1jDdxKwtMHFKmoP:aqjdMMEQeP17l
Malware Config
Extracted
remcos
manup
91.193.75.188:60005
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
universalupdaetfeeds.exe
-
copy_folder
universalupdaetfeeds
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
install_path
%AppData%
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
universalupdaetfeeds
-
keylog_path
%AppData%
-
mouse_option
false
-
mutex
universalupdaetfeeds-13BJX3
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
universalupdaetfeeds
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
5baa3cce5cb687ac0f9001d78217a24c8f33bbe7713de5e85e669d21a996d9f4
-
Size
300.0MB
-
MD5
e4511dbd38b06be47f59500d5e2d8df3
-
SHA1
17f739c5c189d5ab042e8c9acf85f76fe94f719c
-
SHA256
5baa3cce5cb687ac0f9001d78217a24c8f33bbe7713de5e85e669d21a996d9f4
-
SHA512
e7e9e1b07470e40e53bf6fde2cc4dbd4914ffed5170ae7024fabc980e05ab9bf343a72811ab9b8b35275c6a898a369a2a06103bd995bfc29cf314367550c9b9d
-
SSDEEP
12288:81/TNU8vQHjdMMEDeoeeP1jDdxKwtMHFKmoP:aqjdMMEQeP17l
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Suspicious use of SetThreadContext
-