General
-
Target
6c3b88c4675ff6cad62702925a3390f1.bin
-
Size
1.3MB
-
Sample
240727-cfkz3ssgph
-
MD5
45e92d876fd6ff38b6b668d39e2b166d
-
SHA1
b63f6c7559522cbd4965ec51963055b432fc736e
-
SHA256
d06628ac028784af0add1dbf62aad46f4bdade1a9324a03bd504fe7e3d306502
-
SHA512
657d204cf221ce106b08ca30d96882242797a468e266e6d6dd2a36e45d8b5f09b6ee6dc1b03fbeceb9ab872cc7be0570a338ce9ae95a46abd8585909ed65e7f6
-
SSDEEP
24576:3c5YGLAFn565eVeHFfmfR5bGz0d9/x7/byjernRM4xdxMZsJDA89lSCwG78HLFAC:3+LAxw5eV6g5qgobWDAk2G7iJr
Malware Config
Extracted
remcos
RemoteHost
103.198.26.25:96
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-IPUJM4
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
a8e25a2520c09dd71e17afbde126f58514921c6d967a786bde096fafda08701a.exe
-
Size
2.2MB
-
MD5
6c3b88c4675ff6cad62702925a3390f1
-
SHA1
d7c0fdc2b3b92df96b5bcd7a390aa7312df086a5
-
SHA256
a8e25a2520c09dd71e17afbde126f58514921c6d967a786bde096fafda08701a
-
SHA512
ee611d1b240a25a02d8ea9ecca3deb943da34dfcb03a38c2e5d8b40a2cea60d4d4446f968b4af6dc6c9f21bd951b3023e16939ebd1fe0a3fd0867f6a0d143e4a
-
SSDEEP
49152:qB1BRf3rOSzOzrFNj8e1KbWF8K7Vk3SZTH4OWOEkw/R8jDYWg16pb67Wy/Zz:aaRrFCI4v7p
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Suspicious use of SetThreadContext
-