General
Target: xxQcLRmeP11U.exe
Size: 483KB
Sample: 240128-3b3mfacfa8
MD5: 9356d6afd549f36460f5d21ad996cb80
SHA1: 303e4ce5d984a8720b15b45b79c64fc876ab094a
SHA256: 04a7ab3b2d8c491841c271acc9f55b1dc2de375ed0b184bcfe5484e5380e8557
SHA512: 6b5ef83c36e3e3a3292320c146bb74516aadf2038fcb62a4ce43ae480bca0f0328b4cf95dcd7a9e2e4075dbd15e1d4e3d881c11e9d6a959aacbd049b955295b4
SSDEEP: 6144:cXIktXfM8Lv86r9uVWAa2je4Z5zl4hgDHQQs4NTQjoHFsAOZZsAX4cNI5Gv:cX7tPMK8ctGe4Dzl4h2QnuPs/Zs1cv
Behavioral task: behavioral1
Sample: xxQcLRmeP11U.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: xxQcLRmeP11U.exe
Resource: win10v2004-20231222-en
Malware Config
Extracted: remcos
RemoteHost: 9.tcp.ngrok.io:23547
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Rmc-GCUUOZ
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
take_screenshot_option: false
take_screenshot_time: 5
Targets
Target: xxQcLRmeP11U.exe
Size: 483KB
MD5: 9356d6afd549f36460f5d21ad996cb80
SHA1: 303e4ce5d984a8720b15b45b79c64fc876ab094a
SHA256: 04a7ab3b2d8c491841c271acc9f55b1dc2de375ed0b184bcfe5484e5380e8557
SHA512: 6b5ef83c36e3e3a3292320c146bb74516aadf2038fcb62a4ce43ae480bca0f0328b4cf95dcd7a9e2e4075dbd15e1d4e3d881c11e9d6a959aacbd049b955295b4
SSDEEP: 6144:cXIktXfM8Lv86r9uVWAa2je4Z5zl4hgDHQQs4NTQjoHFsAOZZsAX4cNI5Gv:cX7tPMK8ctGe4Dzl4h2QnuPs/Zs1cv
Score: 6/10
Legitimate hosting services abused for malware hosting/C2