General
-
Target
file.exe
-
Size
14KB
-
Sample
230607-xysg4aeg83
-
MD5
f503da8eee4e7cd822239110b488b08b
-
SHA1
f122b5169aaf28a0906b16255cb0e4490dcfd62e
-
SHA256
7874d15ca173ee419b69c1ac2cae4eb6f158a8c1285b9bff7e59af840bed251e
-
SHA512
9fa6fa5e0e78ecf94125584074a094625b6e61cdc6c46f5ec102a42d6ef5bf32446b4b7789e27efd250eb4c49c9b9c6f05961058017bcedd73a6ac62fa16fb9e
-
SSDEEP
384:N6P1J3MxbGglqBcpnHp//UeUB7Eb2eqJT:N6dkQBcLSB7Eb21t
Malware Config
Extracted
remcos
RemoteHost
pekonomiana.duckdns.org:30491
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
install_path
%Temp%
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-EORWFM
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
file.exe
-
Size
14KB
-
MD5
f503da8eee4e7cd822239110b488b08b
-
SHA1
f122b5169aaf28a0906b16255cb0e4490dcfd62e
-
SHA256
7874d15ca173ee419b69c1ac2cae4eb6f158a8c1285b9bff7e59af840bed251e
-
SHA512
9fa6fa5e0e78ecf94125584074a094625b6e61cdc6c46f5ec102a42d6ef5bf32446b4b7789e27efd250eb4c49c9b9c6f05961058017bcedd73a6ac62fa16fb9e
-
SSDEEP
384:N6P1J3MxbGglqBcpnHp//UeUB7Eb2eqJT:N6dkQBcLSB7Eb21t
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-