General
-
Target
68cea9010d80e4407933f78894046142dcebe04ab70716812a67d187f09485ad
-
Size
2.3MB
-
Sample
240427-ncppmshh71
-
MD5
d5b37c00b2a0a77e363032aa6b2744fe
-
SHA1
d81448dda2511797ca69016745e54bbd3cd39ee0
-
SHA256
68cea9010d80e4407933f78894046142dcebe04ab70716812a67d187f09485ad
-
SHA512
e586f16ff215980ecbe4be85c9d7d8c904f876ade75c75f31a69e037ba4fb101de788b52dace9c70c2c92c2234c6a38f44d43a3263a5cd9a22cea8765a9eadfd
-
SSDEEP
49152:7NyPL3UVWD2U8fBOcEfV2rUld+1gqB2uKR0wfLlC08a82Qr:7NyPrUVWiU8fBOccsrUlM1lEuKRVX8aM
Malware Config
Extracted
remcos
255==Abrilllll==$024
7g378gd2udx98d23d.con-ip.com:5023
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-XMR3RJ
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
68cea9010d80e4407933f78894046142dcebe04ab70716812a67d187f09485ad
-
Size
2.3MB
-
MD5
d5b37c00b2a0a77e363032aa6b2744fe
-
SHA1
d81448dda2511797ca69016745e54bbd3cd39ee0
-
SHA256
68cea9010d80e4407933f78894046142dcebe04ab70716812a67d187f09485ad
-
SHA512
e586f16ff215980ecbe4be85c9d7d8c904f876ade75c75f31a69e037ba4fb101de788b52dace9c70c2c92c2234c6a38f44d43a3263a5cd9a22cea8765a9eadfd
-
SSDEEP
49152:7NyPL3UVWD2U8fBOcEfV2rUld+1gqB2uKR0wfLlC08a82Qr:7NyPrUVWiU8fBOccsrUlM1lEuKRVX8aM
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Adds Run key to start application
-
Suspicious use of NtCreateThreadExHideFromDebugger
-