General
-
Target
envifa.vbs
-
Size
154KB
-
Sample
231207-r1ar6scb48
-
MD5
18bb62e29138d9c8dd098e5be9a4c13c
-
SHA1
5362535f49fee8fd7333be8fc6ea249deffa2eb9
-
SHA256
e0ad36136960203db1aea53780b49ef2c819ad31d68980822c4dff0d8dab1a14
-
SHA512
0a0e37dab52b3892a9148e40f12408256c8d8eb6dede9217bb47cda010ae672775bd88535b0ab94c6800b3e22ab7c53ae6e9fe8dcd790e9849cfb749fa5b77b8
-
SSDEEP
384:5UDkE9rQyhN65y//88tyLYtymNDycT+zjgyX4uynPivlytR/dJPfyFfhywzqggCq:j2Nek58Rc
Malware Config
Extracted
remcos
RemoteHost
remccoss2023.duckdns.org:4576
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
registros.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-E5ZBB0
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Capturas de pantalla
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
envifa.vbs
-
Size
154KB
-
MD5
18bb62e29138d9c8dd098e5be9a4c13c
-
SHA1
5362535f49fee8fd7333be8fc6ea249deffa2eb9
-
SHA256
e0ad36136960203db1aea53780b49ef2c819ad31d68980822c4dff0d8dab1a14
-
SHA512
0a0e37dab52b3892a9148e40f12408256c8d8eb6dede9217bb47cda010ae672775bd88535b0ab94c6800b3e22ab7c53ae6e9fe8dcd790e9849cfb749fa5b77b8
-
SSDEEP
384:5UDkE9rQyhN65y//88tyLYtymNDycT+zjgyX4uynPivlytR/dJPfyFfhywzqggCq:j2Nek58Rc
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Suspicious use of SetThreadContext
-