General
-
Target
sostener.vbs
-
Size
5KB
-
Sample
240405-nv9grsah5y
-
MD5
8768032e6604a5bf6b09e302ae821472
-
SHA1
67c6eb81a7ae5e0692c41caeb71bca07d6e92794
-
SHA256
abb5f213c427c01b58436bbc976e2f120f09b9f84b0b858271c60ea4df87b900
-
SHA512
c1b2ba2e2049f3a4110a384227334ab052bf22f794a1acc49767f8ecbcb936e29a48deb4f687b354b2aba6a62b24f58d8bf0c67ba13dd6ca1ad6e5fe25b998bb
-
SSDEEP
96:0QTw2AVy09m32xO26Augt8S4BWtRxQHn8fBGZ2kI:Syd46A5G2kI
Malware Config
Extracted
remcos
RemoteHost
remcoss2024feb.duckdns.org:4576
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-0EVXPH
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
sostener.vbs
-
Size
5KB
-
MD5
8768032e6604a5bf6b09e302ae821472
-
SHA1
67c6eb81a7ae5e0692c41caeb71bca07d6e92794
-
SHA256
abb5f213c427c01b58436bbc976e2f120f09b9f84b0b858271c60ea4df87b900
-
SHA512
c1b2ba2e2049f3a4110a384227334ab052bf22f794a1acc49767f8ecbcb936e29a48deb4f687b354b2aba6a62b24f58d8bf0c67ba13dd6ca1ad6e5fe25b998bb
-
SSDEEP
96:0QTw2AVy09m32xO26Augt8S4BWtRxQHn8fBGZ2kI:Syd46A5G2kI
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-