General
-
Target
3610a513abb50127c22a6c5d2c84b814a5743ba2de685c031725601a23f3bdc3
-
Size
1.3MB
-
Sample
240408-rrx64sbc42
-
MD5
290102d5e403f9eb6d7cd7fe3188d307
-
SHA1
bac36c2536721592ebcac74a88c50b00fab67e5a
-
SHA256
3610a513abb50127c22a6c5d2c84b814a5743ba2de685c031725601a23f3bdc3
-
SHA512
9f8f0ba6d4c81541a2aa55a3f5c5d63eaab1fe1dca8c98e26e4c605b5dc4ce734dff6656f139cbac73c0d753939964af28dc5f2b0d09e03da4361dc65f35a556
-
SSDEEP
24576:6AHnh+eWsN3skA4RV1Hom2KXMmHal8/L5Sq6C/pWPxGgp5:Nh+ZkldoPK8Yal8FS5j
Malware Config
Extracted
remcos
RemoteHost
shgoini.com:30902
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-7XHN5V
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
3610a513abb50127c22a6c5d2c84b814a5743ba2de685c031725601a23f3bdc3
-
Size
1.3MB
-
MD5
290102d5e403f9eb6d7cd7fe3188d307
-
SHA1
bac36c2536721592ebcac74a88c50b00fab67e5a
-
SHA256
3610a513abb50127c22a6c5d2c84b814a5743ba2de685c031725601a23f3bdc3
-
SHA512
9f8f0ba6d4c81541a2aa55a3f5c5d63eaab1fe1dca8c98e26e4c605b5dc4ce734dff6656f139cbac73c0d753939964af28dc5f2b0d09e03da4361dc65f35a556
-
SSDEEP
24576:6AHnh+eWsN3skA4RV1Hom2KXMmHal8/L5Sq6C/pWPxGgp5:Nh+ZkldoPK8Yal8FS5j
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Drops startup file
-
Executes dropped EXE
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-