General
-
Target
Archivevalidv4.exe
-
Size
1.1MB
-
Sample
240705-pq2f2aybrj
-
MD5
53f65a903c4f640dad1ad867312ce2b4
-
SHA1
430c553d2e2bb710276bfe2c9fcc53500d78e42a
-
SHA256
282e21b4e24a80365369629257f9b637033adbad5834d8b9498db29b48fd160b
-
SHA512
8dca2d31ffe29d1ed35127d0c658770b9e40b2e089591cf0c8d0555f9540ebc6f2a7cc7cca0155af5760605ec8b33f4fd0bf353861267c790c04e7a81507b6d7
-
SSDEEP
24576:N5Hkbl3R4gXjElyx5VPMwD/m/r5hlxTy77YfE1vTwp:N5EbdR4wjE8xHXa/rPqV8
Malware Config
Extracted
remcos
GiugnoV6
newlife10mln.top:2502
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
install_path
%AppData%
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
sdsad-YH33JR
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
Archivevalidv4.exe
-
Size
1.1MB
-
MD5
53f65a903c4f640dad1ad867312ce2b4
-
SHA1
430c553d2e2bb710276bfe2c9fcc53500d78e42a
-
SHA256
282e21b4e24a80365369629257f9b637033adbad5834d8b9498db29b48fd160b
-
SHA512
8dca2d31ffe29d1ed35127d0c658770b9e40b2e089591cf0c8d0555f9540ebc6f2a7cc7cca0155af5760605ec8b33f4fd0bf353861267c790c04e7a81507b6d7
-
SSDEEP
24576:N5Hkbl3R4gXjElyx5VPMwD/m/r5hlxTy77YfE1vTwp:N5EbdR4wjE8xHXa/rPqV8
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-