General
-
Target
ebcb7eafd26589b355646f656da095a3e8c99c29f515df55cd1b7d94180874ae.zip
-
Size
788KB
-
Sample
240727-cjsjbszgjk
-
MD5
1ad410452a4bd5f0ebe5214b22b49443
-
SHA1
13901a7c7e4d948e8fcaf0be59a0286daf4a5b07
-
SHA256
ebcb7eafd26589b355646f656da095a3e8c99c29f515df55cd1b7d94180874ae
-
SHA512
6f0f4784a0bf5b2888a0ba8561f09df20e943471f63bc115a7930e9eec310dc24008829165f0980a20924cd4f2814255e66475149884cd25b1ea15b569834707
-
SSDEEP
384:z58rRZEYhWhI8lqpVE8y8yGErC998g2EArlzU:EEejEKErREKzU
Malware Config
Extracted
remcos
huma
81.19.139.74:4343
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-OMQQOG
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
brt_1_0147.doc.lnk
-
Size
47KB
-
MD5
5606f3be084e863103d1b8c48ab8ad3d
-
SHA1
fff6f57a660ade49d9532d66560faaf88d1ac6ea
-
SHA256
7b82dbf6f4e480cd2b805b8c23d3f0d864b1de7242f04adf6a9078ca6e8930ef
-
SHA512
5b51be7a4710a9fc9c09447f9347f0b775eb7bd1c2e9da9de34318397ff492cc62553d18796d2677b2c6c6d9984b2aefad0f8088d2f873af9b8167c02130b7d8
-
SSDEEP
48:88B8ZVOtUl8jBNjQa4ZxCcZVpzLWEwdCZZGXu/dZZZg:8m8j3a4ZxCY9LWhur
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-
-
-
Target
oshad_88.docx.lnk
-
Size
15KB
-
MD5
fb1d6a5925aa809496f8d664fb91146d
-
SHA1
4347f9cb130b55cdf4460ce44b69074ead405f44
-
SHA256
a115bd24258d2fa68c60a051026c9736e99d6bca72ca33c74b92e2965efbb71a
-
SHA512
47812284789b246182ff7f7f96715f8c11c1a91d3bfbc8827d6047dced86017a162fbcb2e427cba44a70b71a68c24801da62d590f42601c5339f7b09b3003a1a
-
SSDEEP
48:81O8xwO/fbjapvpVxCcTjRSbGdCZZGXu/dZZZg:81O8KaapvpVxCYnur
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-
-
-
Target
rv_luti_2024_roku.xlsx.lnk
-
Size
32KB
-
MD5
ccc8b9cd493472f0d518b807d3951fda
-
SHA1
f76898a4231b6fd71a22781156206a76568b9279
-
SHA256
6d93a42c2bffbf94f703b3bbe6e0e9026d76bfb501367bbeb1c2531e28ac6cab
-
SHA512
40bfa4428eb7a1fa21d2bf75b972196935e6710920827fe49bdae758e3262f761731c2921ea0ef460f8bd2319ff00270787c09888995a276648be7e0cd1580df
-
SSDEEP
48:808xwONuZDa46xCcgPcDpWdCZFXuGdZ+g:808KSuda46xCrPK9uL
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-
-
-
Target
telegrama_ksv_po_btgr.jpg.lnk
-
Size
691KB
-
MD5
1b61b585894e7f10e0832267aece4ae5
-
SHA1
dfe46a56fa632dca431378783294d0d628dbbf11
-
SHA256
7fc0ad878bbb15947115a6726c873bf8f682f7ef9e4ad8eed87718e710462d68
-
SHA512
2b1c2503bea85fb3506ee8873c738fc94ef6eb30b61267db648438bfc807aad89695898c98911f8c5f1728d4b807d0cdbd425dcefff1ad004de7a5e8590516a4
-
SSDEEP
24:87+L4zxKx2cWwlAFWY+/CWd3LUJ9PRZXhuaEkDllXQdxb0NFxCcK4hyJllQQK7Oj:8C8xwOu3m9PRZRuaqoxCcKXP9Ousbsg
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-