General
- Target: file.exe
- Size: 2.7MB
- Sample: 230201-qf3f1sga5x
- MD5: 79f47ea1ffef2cbc356aaa87610d9168
- SHA1: 3dfa9f0128fbcb080f2dd22ccd5917d2d57d06be
- SHA256: 3d9599c4660790e2a9ec335ff9384efb10443eae67d22925697fd30d48f87414
- SHA512: 4330bc516693b647da60de7e109d811321e98164362ca495bd0f4402c3f42f7eb1fb265cdae685655b51ef837909c895281587ab4f9af987e9550ab495433cb6
- SSDEEP: 49152:X3VxHbk7Rv6msAP/RpWY23Y7MrKSmSejpe:Hbr/O/BO+SV
Static task: static1
Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20220812-en
Malware Config
Extracted: remcos
- Solution: infoprokaps.ddns.net:6838
- audio_folder: MicRecords
- audio_record_time: 5
- connect_delay: 0
- connect_interval: 1
- copy_file: remcos.exe
- copy_folder: Remcos
- delete_file: false
- hide_file: false
- hide_keylog_file: false
- install_flag: false
- keylog_crypt: false
- keylog_file: logs.dat
- keylog_flag: false
- keylog_folder: remcos
- mouse_option: false
- mutex: Rmc-SJ6VHY
- screenshot_crypt: false
- screenshot_flag: false
- screenshot_folder: Screenshots
- screenshot_path: %AppData%
- screenshot_time: 10
- startup_value: Remcos
- take_screenshot_option: false
- take_screenshot_time: 5
Targets
- Target: file.exe (2.7MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General above)
- Score: 10/10
- Detect PureCrypter injector
- PureCrypter: PureCrypter is a .NET malware loader first seen in early 2021.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext