General
-
Target
Remcos v4.9.4 Light.exe
-
Size
39.1MB
-
Sample
240418-svjnkagg45
-
MD5
c70f62ad76e1940565fdfeca428f2fe0
-
SHA1
7d338eacff26ff0b7997aa245f4d7eab63e4d28a
-
SHA256
cd2ad45438bfc72f476d428b35d0841ba62c2c6bf47254b135611e572cc61178
-
SHA512
72d10c8de4f832522d2d1e26a876c20d22e83b6ff3d88817acd554b8b09cb3455095b3fb3639b128e5ccc1362d28391272eea11b74094e09abfe28f54cb8846a
-
SSDEEP
786432:/K+WUb/Tbaa8vi7d1ZxjmsiHtdnu0SVBnUqmrVQYNMx8SUeujIVx+N8T:/FPb/TFXTZdEC6qms+SLujmA8
Malware Config
Extracted
remcos
4.9.4 Light
RemoteHost
127.0.0.1:2404
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-PSMXX7
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
Remcos v4.9.4 Light.exe
-
Size
39.1MB
-
MD5
c70f62ad76e1940565fdfeca428f2fe0
-
SHA1
7d338eacff26ff0b7997aa245f4d7eab63e4d28a
-
SHA256
cd2ad45438bfc72f476d428b35d0841ba62c2c6bf47254b135611e572cc61178
-
SHA512
72d10c8de4f832522d2d1e26a876c20d22e83b6ff3d88817acd554b8b09cb3455095b3fb3639b128e5ccc1362d28391272eea11b74094e09abfe28f54cb8846a
-
SSDEEP
786432:/K+WUb/Tbaa8vi7d1ZxjmsiHtdnu0SVBnUqmrVQYNMx8SUeujIVx+N8T:/FPb/TFXTZdEC6qms+SLujmA8
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-