General

Target: f197a58d2ac9ac937c5d417d0800d4804a80402395cdde0fe42dec0931674da4
Size: 987KB
Sample: 230808-htg38sbb35
MD5: c88d4757ee5c295c3ff996dca43e737a
SHA1: dc307074db36fefeb99a5c1715b90a1382493d70
SHA256: f197a58d2ac9ac937c5d417d0800d4804a80402395cdde0fe42dec0931674da4
SHA512: a2901e2941f0fd5b72b46840852e2f056a006e665eb2f54dedd30c3a139e0f8d1f780d237626e9f3a2df2e95daf1e25f9430de4e9cc8a82e7d2aef92decfd5f6
SSDEEP: 12288:x+h7rFnTibJ2tYdG7T+IAmvHfvT2Nxda5vWfco//3HS8meXaI1eIEJJZ3gSeYApt:S6byT+I/vXT2NMWfco//3y8m29MQCyt
Static task: static1
Behavioral task: behavioral1
Sample: f197a58d2ac9ac937c5d417d0800d4804a80402395cdde0fe42dec0931674da4.exe
Resource: win10v2004-20230703-en
Malware Config (Extracted)

Family: remcos
RemoteHost: 212.193.30.230:3343, 79.110.49.161:3343
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Rmc-CQL1U6
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
take_screenshot_option: false
take_screenshot_time: 5
Targets

Target: f197a58d2ac9ac937c5d417d0800d4804a80402395cdde0fe42dec0931674da4
Size: 987KB
MD5: c88d4757ee5c295c3ff996dca43e737a
SHA1: dc307074db36fefeb99a5c1715b90a1382493d70
SHA256: f197a58d2ac9ac937c5d417d0800d4804a80402395cdde0fe42dec0931674da4
SHA512: a2901e2941f0fd5b72b46840852e2f056a006e665eb2f54dedd30c3a139e0f8d1f780d237626e9f3a2df2e95daf1e25f9430de4e9cc8a82e7d2aef92decfd5f6
SSDEEP: 12288:x+h7rFnTibJ2tYdG7T+IAmvHfvT2Nxda5vWfco//3HS8meXaI1eIEJJZ3gSeYApt:S6byT+I/vXT2NMWfco//3y8m29MQCyt
Score: 10/10

Signatures:
- Adds Run key to start application
- Suspicious use of SetThreadContext