General
-
Target
nw.exe
-
Size
648KB
-
Sample
230615-ht5vasfa53
-
MD5
4ea7c3fd0dc66ab0c86b5eb31820e67b
-
SHA1
16934a4b08ad89f6c07d8597bbfc7dc524b53f38
-
SHA256
2c21f333c677a8b04e36895489a9f128ae531274f70d1153256bf9f7b9573e04
-
SHA512
65734ed988cc4179e1ef5c3db5792c6bd449df06c5622d563549fc032771f7ffdfda993ee4753e16512e7ad9ebfbcd4a3d28c680d182c2e37c7833329ed47907
-
SSDEEP
12288:IMptJoyuAlheVmn0crLs3wajuuqg2yRI1kyE4KWYDXlk5LY6lW:PJRuAlhEWb/sAaj5D2m4KTDXloLrg
Malware Config
Extracted
remcos
Qemu-ga
185.239.237.197:443
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
3
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
true
-
install_flag
false
-
keylog_crypt
true
-
keylog_file
CloudHost.xlm
-
keylog_flag
false
-
keylog_folder
Qemu-ga
-
keylog_path
%AppData%
-
mouse_option
false
-
mutex
Qemu-ga-RMACTM
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
Remcos
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
nw.exe
-
Size
648KB
-
MD5
4ea7c3fd0dc66ab0c86b5eb31820e67b
-
SHA1
16934a4b08ad89f6c07d8597bbfc7dc524b53f38
-
SHA256
2c21f333c677a8b04e36895489a9f128ae531274f70d1153256bf9f7b9573e04
-
SHA512
65734ed988cc4179e1ef5c3db5792c6bd449df06c5622d563549fc032771f7ffdfda993ee4753e16512e7ad9ebfbcd4a3d28c680d182c2e37c7833329ed47907
-
SSDEEP
12288:IMptJoyuAlheVmn0crLs3wajuuqg2yRI1kyE4KWYDXlk5LY6lW:PJRuAlhEWb/sAaj5D2m4KTDXloLrg
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-