General
-
Target
16bb974c71635d85ce58284f8e17291ac46bf7c2972e3235fcf60c1a1c0ed681.exe
-
Size
1012KB
-
Sample
230608-m1n8caee57
-
MD5
2e8e89544086cc8905577ca8200ad894
-
SHA1
f195fbebac33fa202d5ad57e1aefa63dc8e36c9a
-
SHA256
16bb974c71635d85ce58284f8e17291ac46bf7c2972e3235fcf60c1a1c0ed681
-
SHA512
a69356eb6f53a4e925f9d91ce249cf6762be0c9997c44ca91b6f350b612e6983b2925bcebe1ac58ad4e6446f85d58dc94b279af16be06eaedb6133bffd59b4e4
-
SSDEEP
12288:SlGiTB2QwaNYCTdnwRFtPLPEJ+Kk2S6bQzdLVEHA3UvlSLvqCIsIHMf1YBRBe986:kJYCmFNPHKk2Rb+LSHA3UvlbTsdOf8
Malware Config
Extracted
remcos
RemoteHost
157.90.206.40:2404
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-RXCS6P
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
16bb974c71635d85ce58284f8e17291ac46bf7c2972e3235fcf60c1a1c0ed681.exe
-
Size
1012KB
-
MD5
2e8e89544086cc8905577ca8200ad894
-
SHA1
f195fbebac33fa202d5ad57e1aefa63dc8e36c9a
-
SHA256
16bb974c71635d85ce58284f8e17291ac46bf7c2972e3235fcf60c1a1c0ed681
-
SHA512
a69356eb6f53a4e925f9d91ce249cf6762be0c9997c44ca91b6f350b612e6983b2925bcebe1ac58ad4e6446f85d58dc94b279af16be06eaedb6133bffd59b4e4
-
SSDEEP
12288:SlGiTB2QwaNYCTdnwRFtPLPEJ+Kk2S6bQzdLVEHA3UvlSLvqCIsIHMf1YBRBe986:kJYCmFNPHKk2Rb+LSHA3UvlbTsdOf8
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Suspicious use of SetThreadContext
-