General
-
Target
a6bdc7d25ae942d15182d26e449c329340db53470a079647d3b6ddb06b7e28d5
-
Size
3.3MB
-
Sample
230131-zh1vmsad28
-
MD5
2a0c96488c0bf6d685ffe058c1ebb06d
-
SHA1
9f1cfa7df0680a3b65a192ee8039465d129b62b7
-
SHA256
a6bdc7d25ae942d15182d26e449c329340db53470a079647d3b6ddb06b7e28d5
-
SHA512
072ce92f37756cc44d6bbc029446f40d451b5dff8fd188688185c7f405453d703b1c0654adb6ce4f1bb39a12e24450736925041f063df0d9b08e0fe72b280e5d
-
SSDEEP
24576:EAzFN9Z2XBQFio7Q0sE93KBLPdA6sU1rdUEHbR2XSQXuCRP7+jNJCRZgC/LUa9kJ:EA36kio7Q0sENKHi4wkhlKYQkjRj
Malware Config
Extracted
remcos
RemoteHost
rem.unionbindinqcompany.it:3361
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-F4O94O
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
Remcos
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
a6bdc7d25ae942d15182d26e449c329340db53470a079647d3b6ddb06b7e28d5
-
Size
3.3MB
-
MD5
2a0c96488c0bf6d685ffe058c1ebb06d
-
SHA1
9f1cfa7df0680a3b65a192ee8039465d129b62b7
-
SHA256
a6bdc7d25ae942d15182d26e449c329340db53470a079647d3b6ddb06b7e28d5
-
SHA512
072ce92f37756cc44d6bbc029446f40d451b5dff8fd188688185c7f405453d703b1c0654adb6ce4f1bb39a12e24450736925041f063df0d9b08e0fe72b280e5d
-
SSDEEP
24576:EAzFN9Z2XBQFio7Q0sE93KBLPdA6sU1rdUEHbR2XSQXuCRP7+jNJCRZgC/LUa9kJ:EA36kio7Q0sENKHi4wkhlKYQkjRj
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Adds Run key to start application
-
Detected potential entity reuse from brand microsoft.
-
Suspicious use of SetThreadContext
-