General
-
Target
002863a1610420fbdd33527b235ae720.rtf
-
Size
70KB
-
Sample
240416-t1cymsgd9y
-
MD5
002863a1610420fbdd33527b235ae720
-
SHA1
0e954b555b08faf3dae04019947ab06f751dddb0
-
SHA256
92a8482b9e7ca1ad4d86c76cab2ed363fa995cdfa50c919a3714c28c7016020c
-
SHA512
ea957090b43430f044006f08616a3a4b4fb71817c7abc03b8a0b702a1ffca37e0e62877e46bd6197b82b1460b36691365f49d9f001506b3bb610aa93853e514e
-
SSDEEP
1536:4l1SraAXer10fWIydP+5F1ooej8PKRecB4+itb52sDWtvUCUUSVpRA/o:MS+AXer10fWIydo1oxj8PKRecB4+itbT
Malware Config
Extracted
remcos
RemoteHost
nomoreremcos.duckdns.org:14645
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-2DQRZG
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
002863a1610420fbdd33527b235ae720.rtf
-
Size
70KB
-
MD5
002863a1610420fbdd33527b235ae720
-
SHA1
0e954b555b08faf3dae04019947ab06f751dddb0
-
SHA256
92a8482b9e7ca1ad4d86c76cab2ed363fa995cdfa50c919a3714c28c7016020c
-
SHA512
ea957090b43430f044006f08616a3a4b4fb71817c7abc03b8a0b702a1ffca37e0e62877e46bd6197b82b1460b36691365f49d9f001506b3bb610aa93853e514e
-
SSDEEP
1536:4l1SraAXer10fWIydP+5F1ooej8PKRecB4+itb52sDWtvUCUUSVpRA/o:MS+AXer10fWIydo1oxj8PKRecB4+itbT
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-