General
-
Target
cb7ffda616dbfb59cec05339b9bee2e7ecae48595545ee4e63d93e9751feb594
-
Size
990KB
-
Sample
230109-p2jqcshf5z
-
MD5
698538dba415e2812977332cc1435722
-
SHA1
e2471d54803ba0b53ed3593d8d1a3ea33768f276
-
SHA256
cb7ffda616dbfb59cec05339b9bee2e7ecae48595545ee4e63d93e9751feb594
-
SHA512
b7a8d08508427627a086e839283d0bbdfa6c723ae51b8271f040c2eb7accaf03aaf6f71d429fdcac30166ca579bfa9bf55779dfa26885207a1323ac60d4c7a1b
-
SSDEEP
24576:J7qCZ3GpdnPmDZygjYYjnaDBRjqZNvGAieuTbvzHY+l7zkkMv2v:oCZ3GpdnuDZygjYQnadkvvae8LzHT7aO
Malware Config
Extracted
remcos
Mekino-RemoteHost
nadiac7806.hopto.org:2397
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
los.exe
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
true
-
install_flag
true
-
install_path
%AppData%
-
keylog_crypt
true
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_path
%AppData%
-
mouse_option
false
-
mutex
Rmc-XBQXEL
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
trn
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
cb7ffda616dbfb59cec05339b9bee2e7ecae48595545ee4e63d93e9751feb594
-
Size
990KB
-
MD5
698538dba415e2812977332cc1435722
-
SHA1
e2471d54803ba0b53ed3593d8d1a3ea33768f276
-
SHA256
cb7ffda616dbfb59cec05339b9bee2e7ecae48595545ee4e63d93e9751feb594
-
SHA512
b7a8d08508427627a086e839283d0bbdfa6c723ae51b8271f040c2eb7accaf03aaf6f71d429fdcac30166ca579bfa9bf55779dfa26885207a1323ac60d4c7a1b
-
SSDEEP
24576:J7qCZ3GpdnPmDZygjYYjnaDBRjqZNvGAieuTbvzHY+l7zkkMv2v:oCZ3GpdnuDZygjYQnadkvvae8LzHT7aO
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-