General
-
Target
651654794161616171771852588547475885414152526396369965885471452525258.exe
-
Size
1.6MB
-
Sample
240814-ypvfrs1ejc
-
MD5
e2100d88aca7c0a44ba9bb988ccd3916
-
SHA1
ddaf17adbc769556037bb4fbf4bce7065bf57ef3
-
SHA256
75f846b15fa1b548a0143f35584b25875a03c03a783e9310c8573f3b76957688
-
SHA512
5b7fb077ea9d7d1310db3eb26b6624e3d12fe9f3d55d0a37d57c28197dab7e05449c6611d5b9a02f054d8ad790e12050228c8d7b913bb55e3f2b0da694c67ec5
-
SSDEEP
49152:V4YmfVL6qia9N0LW0XgZKljmXEiqofjQEvFBKuQZ3:V4PfVL9zwrjmXEiqkjQEvFBfQZ3
Static task
static1
Behavioral task
behavioral1
Sample
651654794161616171771852588547475885414152526396369965885471452525258.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
Family
remcos
-
Botnet
GOLAZO
-
C2
agosto14.con-ip.com:7772
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-KKPQTN
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
651654794161616171771852588547475885414152526396369965885471452525258.exe
-
Size
1.6MB
-
MD5
e2100d88aca7c0a44ba9bb988ccd3916
-
SHA1
ddaf17adbc769556037bb4fbf4bce7065bf57ef3
-
SHA256
75f846b15fa1b548a0143f35584b25875a03c03a783e9310c8573f3b76957688
-
SHA512
5b7fb077ea9d7d1310db3eb26b6624e3d12fe9f3d55d0a37d57c28197dab7e05449c6611d5b9a02f054d8ad790e12050228c8d7b913bb55e3f2b0da694c67ec5
-
SSDEEP
49152:V4YmfVL6qia9N0LW0XgZKljmXEiqofjQEvFBKuQZ3:V4PfVL9zwrjmXEiqkjQEvFBfQZ3
Score
10/10
-
Adds Run key to start application
-