General
Target: 119eaa1129f88196cae8f81a75ab8b31.zip
Size: 884KB
Sample: 231011-ylcfsahg4z
MD5: c55e3fd3d59a9b6be4534a1ba0decd52
SHA1: 365959e90ff72ae1ca05e71bd1f68ebe1b0ab5de
SHA256: 7137a2e2d38f6b22fc74709008d98f3fe2b0eb025c58f0765927b3b01189980c
SHA512: 8066349462ecbf425ae6d8882463d143bece982972cf88b6d2e0089d6cf4e7aa0df216b0a14a9eccf30d08316338d54ce1401de77064ade466efbb6eceee9c93
SSDEEP: 24576:WNS7X/PvOlQQbfU3aUfeCocW2DGcrUotOGEVy3dLZzwPQxrQqI:gs/Ol10vfeCox2DRrXkGEU3dL5wero
Static task: static1
Behavioral task: behavioral1
  Sample: TNT Original Invoice.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: TNT Original Invoice.exe
  Resource: win10v2004-20230915-en
Malware Config
Extracted: remcos
RemoteHost: 167.114.189.33:2404
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Rmc-7ZDF66
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
take_screenshot_option: false
take_screenshot_time: 5
Targets
Target: TNT Original Invoice.exe
Size: 1023KB
MD5: 119eaa1129f88196cae8f81a75ab8b31
SHA1: 51223c629345eb969f8f56abcc6a11792178ff77
SHA256: 8be324c37f356ce39300e054d452a5d5aa215449a25f431371aab8585d234d2b
SHA512: 450239eabafa344c487f8a0ee17f000fefe39f0a78d6ea2ec09a0ad425c51c936428a48f1d853e5eff131f6ef1b5b2519c79e03d955452bc0b2a951af4a6af4d
SSDEEP: 24576:ToMSdOp+dBHPdYBtO+mMP7tyUKVdZ39sakOzwsHru:kMDpQH2/OdP4a98ea
Score: 10/10
Signatures:
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Suspicious use of SetThreadContext