General
-
Target
TNT Original Invoice.exe
-
Size
3.0MB
-
Sample
230328-wa6t5scc75
-
MD5
c8c0264dca37efd9416dd2ec9dd5c931
-
SHA1
d99726a37eecb89ac7c0e8011617c952ad870762
-
SHA256
05a5e41d72b42e2ab08a2b9afce8780ba729f20128a86b83e649df6292a4e7b0
-
SHA512
7fc8bf021d0dd3a9e4997641340de811da87dc6d594e7e082b2a543dfa3fd3563e625797bb9648dcdef1e3830c2d10a9d51a3ac9d7310f930219c3a8fbbd6f52
-
SSDEEP
24576:7DX7TWfq0acNRVAWEo6E+uSLgaHgDZXhETZjipt/flxGV7hya0eqrmBtngpyyedk:HdNH2XSTZiAVnYD1JzOR1cUabuwHH
Malware Config
Extracted
remcos
RemoteHost
51.75.209.245:2406
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-52YOYG
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
Remcos
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
TNT Original Invoice.exe
-
Size
3.0MB
-
MD5
c8c0264dca37efd9416dd2ec9dd5c931
-
SHA1
d99726a37eecb89ac7c0e8011617c952ad870762
-
SHA256
05a5e41d72b42e2ab08a2b9afce8780ba729f20128a86b83e649df6292a4e7b0
-
SHA512
7fc8bf021d0dd3a9e4997641340de811da87dc6d594e7e082b2a543dfa3fd3563e625797bb9648dcdef1e3830c2d10a9d51a3ac9d7310f930219c3a8fbbd6f52
-
SSDEEP
24576:7DX7TWfq0acNRVAWEo6E+uSLgaHgDZXhETZjipt/flxGV7hya0eqrmBtngpyyedk:HdNH2XSTZiAVnYD1JzOR1cUabuwHH
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-