General
-
Target
03541b2cf3bf022eda584b9ead6b6edeb7a47e8ccaa99b2415ee56694c9868cb
-
Size
2.7MB
-
Sample
230201-ngk71sda49
-
MD5
21605edd439a91f69b7c2584413ae3f5
-
SHA1
76353ff45df865cee24b8802c2332c8f07590df6
-
SHA256
03541b2cf3bf022eda584b9ead6b6edeb7a47e8ccaa99b2415ee56694c9868cb
-
SHA512
df4248687d7a92389a3aab90dd0ccc8ea7236e8b71555bd835c33816a6e27b9a147d10fe693b57a693698c0d7c3fdbd99a3587cbfba08929c0d0fc4f34efb128
-
SSDEEP
49152:Q61jlIn2e7zgWTSOa7Q4hVBP35NxVg1DHeTz0CTssEORTdQRYdN+1rHzE42i9:Q6FynB7JTSOWBBNxVg1zen0CLEOhdQTl
Malware Config
Extracted
remcos
nigeria
198.46.173.141:50482
198.46.173.141:50484
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-6CYNGG
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
Remcos
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
03541b2cf3bf022eda584b9ead6b6edeb7a47e8ccaa99b2415ee56694c9868cb
-
Size
2.7MB
-
MD5
21605edd439a91f69b7c2584413ae3f5
-
SHA1
76353ff45df865cee24b8802c2332c8f07590df6
-
SHA256
03541b2cf3bf022eda584b9ead6b6edeb7a47e8ccaa99b2415ee56694c9868cb
-
SHA512
df4248687d7a92389a3aab90dd0ccc8ea7236e8b71555bd835c33816a6e27b9a147d10fe693b57a693698c0d7c3fdbd99a3587cbfba08929c0d0fc4f34efb128
-
SSDEEP
49152:Q61jlIn2e7zgWTSOa7Q4hVBP35NxVg1DHeTz0CTssEORTdQRYdN+1rHzE42i9:Q6FynB7JTSOWBBNxVg1zen0CLEOhdQTl
Score10/10-
Detect PureCrypter injector
-
PureCrypter
PureCrypter is a .NET malware loader first seen in early 2021.
-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Suspicious use of SetThreadContext
-