General
-
Target
securefile.vbs
-
Size
133KB
-
Sample
231202-bdbg7ahb2t
-
MD5
5b3da0c720577a55ba1837f9a15239ed
-
SHA1
da73bc388374b50660782de964207016ad812cef
-
SHA256
2cb4c5c10f9b72ad2dc37da0ad059d78ec2ce5392e33ce393a8ac85ab2b4d473
-
SHA512
00780950d7efb21f54f3422d9837b2edce7be67651f72e189849c3ec5ebcff181175c6399bac8207d1d4e8c6433ebbb2a86316fc1ffefcb1f8a0b4debc62d57c
-
SSDEEP
3072:tkkt4m6wA444434444w4444w4444w4444w4444w4444V80blSudLE4444w4444wP:G
Malware Config
Extracted
https://textbin.net/raw/ezjmofz3s6
Extracted
remcos
RemoteHost
ooop.casacam.net:5550
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-6GFHKG
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
securefile.vbs
-
Size
133KB
-
MD5
5b3da0c720577a55ba1837f9a15239ed
-
SHA1
da73bc388374b50660782de964207016ad812cef
-
SHA256
2cb4c5c10f9b72ad2dc37da0ad059d78ec2ce5392e33ce393a8ac85ab2b4d473
-
SHA512
00780950d7efb21f54f3422d9837b2edce7be67651f72e189849c3ec5ebcff181175c6399bac8207d1d4e8c6433ebbb2a86316fc1ffefcb1f8a0b4debc62d57c
-
SSDEEP
3072:tkkt4m6wA444434444w4444w4444w4444w4444w4444V80blSudLE4444w4444wP:G
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Blocklisted process makes network request
-
Drops startup file
-
Suspicious use of SetThreadContext
-