General
-
Target
REF 00043959499885345 JFJDJFJDFJMCNFHV DFGDFGDFG ELECTRÓNICO DE TRANSACCIÓN 00039992344.tar
-
Size
1.1MB
-
Sample
240418-zdpltafd7y
-
MD5
c74026291d5554b50a37b9f474c1a40e
-
SHA1
78e2d3a9c5efe08101ed71f8888cdce1e798d003
-
SHA256
1dd4bbd94a72839becaa3cdf2b51bc26d3bd1f56ff28914c6b7efb6d862e5e02
-
SHA512
23e088c0919b0fe55739bc6116d01d286b6fe01f0bdc8a1cef99aea6e65164cfaa18d0adeff7f9320b209044232e89dbebea2ee068450cedfc5091adaa4464bf
-
SSDEEP
24576:Gyya1XmfIxejogOJd54INgEaUMCrhgyzHugbQOFWEvVxepgyn2avNv6+Ir:LYfIxeMgud9bamhqzmleyyna
Malware Config
Extracted
remcos
ARMAS
cada1224.con-ip.com:1997
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-Z0DI4D
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
REF 00043959499885345 JFJDJFJDFJMCNFHV DFGDFGDFG ELECTRÓNICO DE TRANSACCIÓN 00039992344.tar
-
Size
1.1MB
-
MD5
c74026291d5554b50a37b9f474c1a40e
-
SHA1
78e2d3a9c5efe08101ed71f8888cdce1e798d003
-
SHA256
1dd4bbd94a72839becaa3cdf2b51bc26d3bd1f56ff28914c6b7efb6d862e5e02
-
SHA512
23e088c0919b0fe55739bc6116d01d286b6fe01f0bdc8a1cef99aea6e65164cfaa18d0adeff7f9320b209044232e89dbebea2ee068450cedfc5091adaa4464bf
-
SSDEEP
24576:Gyya1XmfIxejogOJd54INgEaUMCrhgyzHugbQOFWEvVxepgyn2avNv6+Ir:LYfIxeMgud9bamhqzmleyyna
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of NtCreateThreadExHideFromDebugger
-