General
-
Target
FAT986545600986.pdf.uue
-
Size
979KB
-
Sample
231204-mfp9xaae4z
-
MD5
3eb7d8959a9c5b82fa1bf9935ff50152
-
SHA1
55f59fac10a180c0bd0d3d9bdcb72c6deac1b0e9
-
SHA256
3f8fbd3962801ab4abd07d655a029a9c67fa3ac55de4f39c7b71d761cfcc54e0
-
SHA512
29d3b9ab4ee112ff06a6132d9dbec27f6a8114d9bc737bdad7b817b77cc7c89d0ee129a57d361610dc17630e1c12f86b3f37032ec37a28c83641a42169461a6f
-
SSDEEP
24576:QY2Q4KpZBlSrtZiRjQnxBMlrPkL4ZdiW6xHTxOb:l2pKZaZcQxBCcCiW6xMb
Malware Config
Extracted
remcos
RemoteHost
107.175.229.139:8087
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-IZFV1M
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
FAT986545600986.bat
-
Size
1.0MB
-
MD5
470249dbfe3ac7f1d16ea4a52ef76fb3
-
SHA1
984ef38fbfa4efd6b9310a07c4a6b2be63e328bf
-
SHA256
f77532a0a209676025270db283534fc63ba0780415e8273d670fc6d1bc4bf1f5
-
SHA512
ec2edf6140afcf84719a8a2d53303ee86fa6b32406b0fc99db6d87dcc162577b9766f88e5fb7643e4cb4fb09c5431c5ab3d8029800eab02aa1b81914e3faba39
-
SSDEEP
24576:h34/up+pJ1sRbSz55MlrTQF4ZriIqBT3peD:h38PJ1QSz55CsIiIqBs
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-