General
-
Target
41231403c901ea25abd1132ec834bc3dc5904c29c5afa8ad3f55c019e68059d8.rtf
-
Size
24KB
-
Sample
221127-x4v56sgd7z
-
MD5
c08cbce6ebc4e840a187c6f1fe352a53
-
SHA1
04292199f7cf5dcdfc4b3be7dcd6718d4bb030a3
-
SHA256
41231403c901ea25abd1132ec834bc3dc5904c29c5afa8ad3f55c019e68059d8
-
SHA512
e0a5832212119f3aaa8fb7ca61715286859956c808e3f74deeaade99c996db4908c2a88f0dbde1f5a74d90c70ba3cd2cc1d2ac02f5794f47f833efadfd2979c6
-
SSDEEP
384:gQMmdOFNYY0aaaIswqPeOrka1+fHQJ+t3rQkRhZwkBmI/FNiKsuguwAJRr:8Fx0XaIsnPRIa4fwJMJgI/iogA5
Malware Config
Extracted
remcos
BALLER
91.192.100.48:1979
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-2RPM8Z
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
Remcos
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
41231403c901ea25abd1132ec834bc3dc5904c29c5afa8ad3f55c019e68059d8.rtf
-
Size
24KB
-
MD5
c08cbce6ebc4e840a187c6f1fe352a53
-
SHA1
04292199f7cf5dcdfc4b3be7dcd6718d4bb030a3
-
SHA256
41231403c901ea25abd1132ec834bc3dc5904c29c5afa8ad3f55c019e68059d8
-
SHA512
e0a5832212119f3aaa8fb7ca61715286859956c808e3f74deeaade99c996db4908c2a88f0dbde1f5a74d90c70ba3cd2cc1d2ac02f5794f47f833efadfd2979c6
-
SSDEEP
384:gQMmdOFNYY0aaaIswqPeOrka1+fHQJ+t3rQkRhZwkBmI/FNiKsuguwAJRr:8Fx0XaIsnPRIa4fwJMJgI/iogA5
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-