General
-
Target
f759770cfe655a50431b0c4d04d2ef09e9579609bfc101fc9a053ce5dc04a514
-
Size
4.6MB
-
Sample
230129-z3ywsada93
-
MD5
13184dda613646fe97f76df1b363d931
-
SHA1
9016df137c3c9ce9fee9a4561ce9f28758059773
-
SHA256
f759770cfe655a50431b0c4d04d2ef09e9579609bfc101fc9a053ce5dc04a514
-
SHA512
2a2d96064d3ca0552887f743e3783db646a4c0fb40504880dff2fd7bad350bccf5286833da1f9aedb5ce5a4f1a95476c1d5eb9b3cb1284e27cacb834c450dcad
-
SSDEEP
49152:v50dESZqGlVV8XDx1/sxkPt7keQO2Nz4DL1GIaTtmokRrEH:KVMDx1/sxkVGNzYL1GIMmoQr
Malware Config
Extracted
remcos
2.6.0 Pro
BTC
94.242.206.175:5888
-
audio_folder
MicRecords
-
audio_path
%AppData%
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
install_path
%AppData%
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
MSI
-
keylog_path
%AppData%
-
mouse_option
false
-
mutex
MSIS-OLNTTD
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
Remcos
-
take_screenshot_option
false
-
take_screenshot_time
5
-
take_screenshot_title
wikipedia;solitaire;
Targets
-
-
Target
f759770cfe655a50431b0c4d04d2ef09e9579609bfc101fc9a053ce5dc04a514
-
Size
4.6MB
-
MD5
13184dda613646fe97f76df1b363d931
-
SHA1
9016df137c3c9ce9fee9a4561ce9f28758059773
-
SHA256
f759770cfe655a50431b0c4d04d2ef09e9579609bfc101fc9a053ce5dc04a514
-
SHA512
2a2d96064d3ca0552887f743e3783db646a4c0fb40504880dff2fd7bad350bccf5286833da1f9aedb5ce5a4f1a95476c1d5eb9b3cb1284e27cacb834c450dcad
-
SSDEEP
49152:v50dESZqGlVV8XDx1/sxkPt7keQO2Nz4DL1GIaTtmokRrEH:KVMDx1/sxkVGNzYL1GIMmoQr
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Blocklisted process makes network request
-