General
Target: Offer 6768YTYBZZZ.Z
Size: 503KB
Sample: 231013-r5lp8sae2z
MD5: 2990f664a2d78fe19c578ed5bf57545e
SHA1: 6f92fac33d5eaeef0435d73716a94bc9e3c9ae53
SHA256: f1e8f710924da24b19be82f41acb98cbdcd7a06b4a54ee1dce3a92497c64a264
SHA512: 1c00fc5cc4e72ec96ab481fcde8af7bfa6536cbf7a371463a733c82f2c1c4568b48f6aacd57c3c3dd7e78cf154273af59ea41684b5bbef7cff03b1f0da9a164a
SSDEEP: 12288:qEZNKidBFnXO3QgOw1owmkZqbjZvW2ZmD:qEKnQgpoLkZqbZ7wD
Static task: static1

Behavioral task: behavioral1
Sample: Offer 6768YTYBZZZ.exe
Resource: win7-20230831-en

Behavioral task: behavioral2
Sample: Offer 6768YTYBZZZ.exe
Resource: win10v2004-20230915-en
Malware Config
Extracted: remcos
AAAAA
grantadistciaret.com:3212
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Rmc-FWG2GL
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
take_screenshot_option: false
take_screenshot_time: 5
Targets
Target: Offer 6768YTYBZZZ.exe
Size: 1.5MB
MD5: 9b44e64528cbb8629b1becaf4c1d90d0
SHA1: c32a6e6ad143e9af937fcf9333709f7cde6c473f
SHA256: 6fc78cd62ad7070945bd4230c06b2a85cca635b662e3a1bde2aa4f3338f26a26
SHA512: cff1b59c0a0e4b988e2d642843c343d4d17ba6cc854d19777797630bcd04d7cbdbdc1184634f43d793ffe46ad456d4d6d27010c270acc84203c3d3b474f8dc09
SSDEEP: 12288:o43UZVZlCpsxerUOtPHKqLRKxP0xfpF+woc/YPnQb+ut8lZBRe71C9SYpDWGyIO4:qIpsxerUOtPHH7xxFk0E39DlyCZthN
Score: 10/10
NirSoft MailPassView: Password recovery tool for various email clients
NirSoft WebBrowserPassView: Password recovery tool for various web browsers
Nirsoft
Accesses Microsoft Outlook accounts
Suspicious use of SetThreadContext