General
-
Target
c4d3332a0cd279de2349c5674802be7f
-
Size
1.2MB
-
Sample
240313-dpsa7add43
-
MD5
c4d3332a0cd279de2349c5674802be7f
-
SHA1
3a7e0ccb3568a46a79b9038d21456d9a8f9b796a
-
SHA256
53a3ad7bdb3e31f652df524b5268135d62d21511bc19c5544619fda882fccc72
-
SHA512
f6934d6c6018b7bbc497e9125902508a9f5c3c92f587cdf9108134b9312c1a02d6f170eb5ca6bd8c214e86ad558f9bdc0665826c1d399371f5ebf7682b111211
-
SSDEEP
24576:/PnWOF75/d4w93KaF0lkm2ptwTWlpJosIoFAtaAEE53ycaxA:XWOdga8N2ptTzSL7ax
Malware Config
Extracted
remcos
3.1.5 Pro
RemoteHost
79.134.225.77:2050
-
audio_folder
MicRecords
-
audio_path
%AppData%
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
install_path
%AppData%
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
keylog_path
%AppData%
-
mouse_option
false
-
mutex
Remcos-PW5C08
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
Remcos
-
take_screenshot_option
false
-
take_screenshot_time
5
-
take_screenshot_title
notepad;solitaire;
Targets
-
-
Target
c4d3332a0cd279de2349c5674802be7f
-
Size
1.2MB
-
MD5
c4d3332a0cd279de2349c5674802be7f
-
SHA1
3a7e0ccb3568a46a79b9038d21456d9a8f9b796a
-
SHA256
53a3ad7bdb3e31f652df524b5268135d62d21511bc19c5544619fda882fccc72
-
SHA512
f6934d6c6018b7bbc497e9125902508a9f5c3c92f587cdf9108134b9312c1a02d6f170eb5ca6bd8c214e86ad558f9bdc0665826c1d399371f5ebf7682b111211
-
SSDEEP
24576:/PnWOF75/d4w93KaF0lkm2ptwTWlpJosIoFAtaAEE53ycaxA:XWOdga8N2ptTzSL7ax
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Suspicious use of SetThreadContext
-