General
-
Target
PO 001, 002, 003,.arj
-
Size
921KB
-
Sample
230203-v4fz5sgd27
-
MD5
9795f039501486fe4f331200431e21c0
-
SHA1
55779a037dc572a04ee55d669ba95a1fd4d287aa
-
SHA256
4ae1035134ff758e3061a4e823d31d238ce80d6f41128710523617ca54727097
-
SHA512
67ebdd5aa357650d02675551d1bd680526fb80c0253341741cd0abfd2d4b18c68d6ae0cc74908025ef342269153114c37fdf7997e01ee18bfa6dd16bcdce11a1
-
SSDEEP
24576:uIl4DdFvrq6BcF9gzqP16Fc5EIGZSXqE7lk0dSaId:jSDdFGtF9g+168Efc6USaId
Malware Config
Extracted
remcos
RemoteHost server 2
149.202.24.70:1960
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-BHNGAP
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
Remcos
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
PO 001, 002, 003,.exe
-
Size
1.1MB
-
MD5
a2ed6ebe9a320464660946cd8b712a4c
-
SHA1
b82fd7fc19665c17bef8f198b35cc867b990b322
-
SHA256
aecb74252f3ae4e3d912c1983de70c06ac29c69b287b31e45d29fbee0ccb5772
-
SHA512
5908b07ac8a3f26f53ce4d78e795cdf1e2e71ccab4e7c20b3f1c5e01c95d41221728166de645185933ff994ffc7fb365e11a63c8b655066742dab3be2593c798
-
SSDEEP
24576:seSqG4yPahfXlKdDxt3rJb8tyxD99PihBT0EKlV6F0xM:LRfXQdDxxeEK7YNyWi
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-