General
-
Target
Agenzia.zip
-
Size
326B
-
Sample
231114-pjct4acb9z
-
MD5
56f27fbf4a23fd14a13897446fe57e87
-
SHA1
eb25a10ccacec6edf9d08395f75aa93785721880
-
SHA256
392624a0ee0d3c34ae9ad9607e9f8683156447379beac0ec8519c70dedbb74d0
-
SHA512
e42a3d10766f05cdf87a6e916ee9187deb722ca8a0fbfc73278aeb51a62bf9441cc89c2878bd65b56f30bb9abc54a9b60ef666ad2cfb87119c323a76c8243f39
Malware Config
Extracted
remcos
RemoteHost
listpoints.online:4050
retghrtgwtrgtg.bounceme.net:3839
listpoints.click:7020
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
explorer.exe
-
delete_file
false
-
hide_file
true
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-WLPZI6
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
Agenzia.url
-
Size
200B
-
MD5
e8e03b91b2802891c978c8a67999bd10
-
SHA1
af767e90f1017c588451f6019a199876349e4f7c
-
SHA256
285a563c4e37ac89fafa49aed8e5bedb5dcb2a310860c2daf7c3fdffc094cccf
-
SHA512
e95bac88b49a6b196f5c2bbf3a0932434ce1841bc1f9e97ad031606f999dbddef82363cba298301bc749e44e7012550e820e932ce0859b57085b97470310f87d
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-