General
-
Target
98d52c27d53e81ace5db2d1b1580f6e8.bin
-
Size
470KB
-
Sample
230629-b3dnvabf63
-
MD5
5e6cf59653df81d9cce73945da4b4219
-
SHA1
e9b1119165ce8b29010d14d42e742fd281cff143
-
SHA256
90e7eef96edbec13d781107d43a03a7224f31068441a283a7ad9e96c0dd9e3ea
-
SHA512
1e606f36b5fec275cfc2c01b38895df9827d2303699c300a4034293e7fefc4750ddf9a06723a270ae5acca16518911d2a056a189b69cac52770a24e234edbc51
-
SSDEEP
12288:IQ7uleOmPxni4/vOPmCMKIBUvK+c9eLY2mYR19mtTMih:IDkvOPu91+8el319c/h
Malware Config
Extracted
remcos
RemoteHost
wealthyblessed.ddns.net:39603
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-XZ45OS
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
7cd77a765069b1826b7594f693608500096f6f902c25b7994fa4d58bfe91be66.exe
-
Size
484KB
-
MD5
98d52c27d53e81ace5db2d1b1580f6e8
-
SHA1
3c26d3f12e2cf87a3d6c58d1b0431504587eca70
-
SHA256
7cd77a765069b1826b7594f693608500096f6f902c25b7994fa4d58bfe91be66
-
SHA512
b51138ec858eb33df42663a66bb060fa4b7d4f210965acba6d544de4aa5590fc8b35cd27e7e768866626891e3cf9702c892b1bb8c67ab00e0f37e7172930957c
-
SSDEEP
6144:zYa6lYz84WE8fYunZTkHvZjzuaadQOACZx7vhTTFgARS0K2zYN9mNNn17M7Qsxsc:zYQz8Y8RToZxai2R5g8uXmNfGA+
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-