General
-
Target
0d06b0d6a58b0c336ae7bc5dda9d65e0_NeikiAnalytics.exe
-
Size
124KB
-
Sample
240526-3nkx6agc7s
-
MD5
0d06b0d6a58b0c336ae7bc5dda9d65e0
-
SHA1
c44b23545b390fcba42798a845dfe621a6a82959
-
SHA256
862dd3b6dc6f0d6ed480611c2407dd604e21a833b8068af7891676553959a484
-
SHA512
0a626a259cb9701511c826c718ae31c5eceb146a5e884b34763594005d0b5d7aac1b545077d40ce20d48d9e8c6014154646edc9d92c15852db2631adc1394619
-
SSDEEP
3072:MGuV8ukp57/RLyBlNJo4s5ln8m5IYNGDk4Ozqhc/rc+5:MGuVUD7/5yBP3s5p8m5IYNGDtOzqhcv
Malware Config
Extracted
remcos
2.4.5 Pro
Remote%Host
www.rmagent.biz:7181
-
audio_folder
MicRecords
-
audio_path
%AppData%
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
vbs.server.exe
-
copy_folder
vbs.server
-
delete_file
true
-
hide_file
true
-
hide_keylog_file
false
-
install_flag
false
-
install_path
%AppData%
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
keylog_path
%AppData%
-
mouse_option
false
-
mutex
Remcos-00GA1C
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
vbs.server
-
take_screenshot_option
false
-
take_screenshot_time
5
-
take_screenshot_title
wikipedia;solitaire;
Targets
-
-
Target
0d06b0d6a58b0c336ae7bc5dda9d65e0_NeikiAnalytics.exe
-
Size
124KB
-
MD5
0d06b0d6a58b0c336ae7bc5dda9d65e0
-
SHA1
c44b23545b390fcba42798a845dfe621a6a82959
-
SHA256
862dd3b6dc6f0d6ed480611c2407dd604e21a833b8068af7891676553959a484
-
SHA512
0a626a259cb9701511c826c718ae31c5eceb146a5e884b34763594005d0b5d7aac1b545077d40ce20d48d9e8c6014154646edc9d92c15852db2631adc1394619
-
SSDEEP
3072:MGuV8ukp57/RLyBlNJo4s5ln8m5IYNGDk4Ozqhc/rc+5:MGuVUD7/5yBP3s5p8m5IYNGDtOzqhcv
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-