General
-
Target
Invoice9192023.exe
-
Size
963KB
-
Sample
230919-qcmldshb5w
-
MD5
a3242aa02d201860a6411cb2bd9468fd
-
SHA1
3f71c67d430fb336cb1069dfebb50efb256cf0d3
-
SHA256
06d9cbc6fc7ceb53c082f82a67c0b1cd4219fec013d52aec2cfd27cf64e5695e
-
SHA512
3afc473f77766135807cb6016733f50742bdf180a440c62e25c539d9091306642b19bdf8576b2af9982fab25481c3065e51098a610e37aa4207fc80192dd0b06
-
SSDEEP
24576:19BwsIaifspKUHO22+5o7fH2JeFBX533YInronuC5wz6yfytu0b6BjB:lwsSCHxC2JezOIn8Bu6yiWBl
Malware Config
Extracted
remcos
onyenso
193.42.32.237:2404
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-FYRXFC
-
screenshot_crypt
true
-
screenshot_flag
true
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
Invoice9192023.exe
-
Size
963KB
-
MD5
a3242aa02d201860a6411cb2bd9468fd
-
SHA1
3f71c67d430fb336cb1069dfebb50efb256cf0d3
-
SHA256
06d9cbc6fc7ceb53c082f82a67c0b1cd4219fec013d52aec2cfd27cf64e5695e
-
SHA512
3afc473f77766135807cb6016733f50742bdf180a440c62e25c539d9091306642b19bdf8576b2af9982fab25481c3065e51098a610e37aa4207fc80192dd0b06
-
SSDEEP
24576:19BwsIaifspKUHO22+5o7fH2JeFBX533YInronuC5wz6yfytu0b6BjB:lwsSCHxC2JezOIn8Bu6yiWBl
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-