General
-
Target
10072024_1503_09072024_HUGHUR343EDRFQ.docx
-
Size
16KB
-
Sample
240710-se5absvanq
-
MD5
830c2b82a06eeb1950161dc65f313bda
-
SHA1
01fd8522710ffd0635f2755dc93ca7b1485b0bae
-
SHA256
2e866dc1f844a29e6b551e4a111147f05125d598cac2c5424fa0cc1a73ef07b8
-
SHA512
f594cbe8a500bbe1e5cc59879af4c8a05a2da0ab2f3b2ae3f214c5793db82fe9109e7b5d28a56d925edb8c2564389bba7b72b482d9c6fc9ea85622ed2768968a
-
SSDEEP
384:WyXBnQPWys8PL8wi4OEwH8TIbE91r2fRyJYRvi49U1Gk:WcBUh5P3DOqnYJswvR9U1p
Malware Config
Extracted
remcos
THEONE
45.66.231.218:4259
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-UII1DP
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
10072024_1503_09072024_HUGHUR343EDRFQ.docx
-
Size
16KB
-
MD5
830c2b82a06eeb1950161dc65f313bda
-
SHA1
01fd8522710ffd0635f2755dc93ca7b1485b0bae
-
SHA256
2e866dc1f844a29e6b551e4a111147f05125d598cac2c5424fa0cc1a73ef07b8
-
SHA512
f594cbe8a500bbe1e5cc59879af4c8a05a2da0ab2f3b2ae3f214c5793db82fe9109e7b5d28a56d925edb8c2564389bba7b72b482d9c6fc9ea85622ed2768968a
-
SSDEEP
384:WyXBnQPWys8PL8wi4OEwH8TIbE91r2fRyJYRvi49U1Gk:WcBUh5P3DOqnYJswvR9U1p
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Abuses OpenXML format to download file from external location
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-