General
-
Target
Eyvonne Tan Professional CV.xlsx
-
Size
607KB
-
Sample
230323-kzldysgf2y
-
MD5
bc0f5d5eba66ff1ae05d5f02c598e79a
-
SHA1
b37f8d40b9f7c5c6d9381181c5ae0f74b97636cf
-
SHA256
05db737208b63635acd8bb70282a24ce6ee2fba064085b0688604467cc36f3cc
-
SHA512
fc90261992378ea517acffb5395f1a7c28c0aac125c44d3f35fcb243f306dd80673affaf735c379745d3c08878764921f6657b73c1bfa4aca795b5527cb9ef88
-
SSDEEP
12288:jI8Uhfa/Q4puxsDcfbBIOwwZVNMmOS+YAzqGJDWzKAq:k8URhsIfOOw+MmOSOqGJDCq
Malware Config
Extracted
remcos
Maly 2023-Host
maly22333.ddnsking.com:3091
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
cos.exe
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
true
-
install_flag
true
-
install_path
%AppData%
-
keylog_crypt
true
-
keylog_file
logs.dat
-
keylog_flag
false
-
mouse_option
false
-
mutex
Rmc-GY5GD6
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
nsa
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
Eyvonne Tan Professional CV.xlsx
-
Size
607KB
-
MD5
bc0f5d5eba66ff1ae05d5f02c598e79a
-
SHA1
b37f8d40b9f7c5c6d9381181c5ae0f74b97636cf
-
SHA256
05db737208b63635acd8bb70282a24ce6ee2fba064085b0688604467cc36f3cc
-
SHA512
fc90261992378ea517acffb5395f1a7c28c0aac125c44d3f35fcb243f306dd80673affaf735c379745d3c08878764921f6657b73c1bfa4aca795b5527cb9ef88
-
SSDEEP
12288:jI8Uhfa/Q4puxsDcfbBIOwwZVNMmOS+YAzqGJDWzKAq:k8URhsIfOOw+MmOSOqGJDCq
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-