General
-
Target
1b077d22d646da1f217ab922ac25b3b8_JaffaCakes118
-
Size
3.5MB
-
Sample
240701-m2kasaxeqg
-
MD5
1b077d22d646da1f217ab922ac25b3b8
-
SHA1
0b253513d20c1333e48aad14ea2ade38a285bf03
-
SHA256
1be71450bb7ccc0bb07bc0247a951a07568d0077b4ad025771993cfce4a4e886
-
SHA512
d5e4f7c1e5c6f090675829e0166b5dcac732a94ad50f3ea0f4d942ebb9b98f5a483153d60e52f653250dffd7ec4572aef5baeaa0a7ccb8abe318a56c98c57218
-
SSDEEP
49152:aNpFPhoSpEUccKaLJDuQncCghrbwnddqLTVee3SG:aZDDuQcCgBcdI1x
Static task
static1
Behavioral task
behavioral1
Sample
1b077d22d646da1f217ab922ac25b3b8_JaffaCakes118.dll
Resource
win7-20240508-en
Malware Config
Extracted
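Family: remcos
Version: 2.6.0 Pro
Botnet: [unreadable: value was mis-encoded in this capture; presumably the botnet/campaign label]
C2: 37.252.11.23:7878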
-
audio_folder
MicRecords
-
audio_path
%AppData%
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
Windows.exe
-
copy_folder
Temp
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
install_path
%AppData%
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
keylog_path
%AppData%
-
mouse_option
false
-
mutex
132123dsaasd-Q14G2Y
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
Defender
-
take_screenshot_option
false
-
take_screenshot_time
5
-
take_screenshot_title
wikipedia;solitaire;
Targets
-
-
Target
1b077d22d646da1f217ab922ac25b3b8_JaffaCakes118
-
Size
3.5MB
-
MD5
1b077d22d646da1f217ab922ac25b3b8
-
SHA1
0b253513d20c1333e48aad14ea2ade38a285bf03
-
SHA256
1be71450bb7ccc0bb07bc0247a951a07568d0077b4ad025771993cfce4a4e886
-
SHA512
d5e4f7c1e5c6f090675829e0166b5dcac732a94ad50f3ea0f4d942ebb9b98f5a483153d60e52f653250dffd7ec4572aef5baeaa0a7ccb8abe318a56c98c57218
-
SSDEEP
49152:aNpFPhoSpEUccKaLJDuQncCghrbwnddqLTVee3SG:aZDDuQcCgBcdI1x
-
Blocklisted process makes network request
-