General
Target: Inquiry-PA4810.tbz
Size: 817KB
Sample: 240829-hw97ssyfjb
MD5: ffb7a2186b37c27044347986b945c576
SHA1: c22ccfc1b60bd1a399e64cd654cbbda47295450c
SHA256: 6699c01aeb3c522aa25ab28fb1c269321839f93c136aeae62f16ea4adc4b9aa6
SHA512: b3f1c9de23023abc79b1f1288f94b347efcdb62a04b90c6c9a92945237b6bf3123a4cbeaae46d51995a5f2dfa95ca90455ca7bb442a4abac897766bc3d82f23a
SSDEEP: 24576:d8hZtuat2O/TxpwdRGk8Ev9sHOVo98CLQoL:uhZ4qz/Tx+LGkB4OVo3LpL
Static task: static1
Behavioral task: behavioral1
Sample: Inquiry-PA4810.exe
Resource: win7-20240705-en
Malware Config
Extracted
remcos
MO
mo201.ddns.net:1088
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Rmc-R95UJZ
screenshot_crypt: true
screenshot_flag: true
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 1
take_screenshot_option: false
take_screenshot_time: 5
Targets
Target: Inquiry-PA4810.exe
Size: 1.3MB
MD5: 2eb62b4422d2f4796766333f77439a46
SHA1: d05310de4d0e724a62936c44862f5a98692a4f50
SHA256: ac7c0664851b8be645cbc51bf2e88490fae12671619017b755547e95fd5601b4
SHA512: 07c53505560e3faf40db0de3d45ad6cc9eaad8e525d2b64b227259dc2d11d4ab2586b8f428bf166d74738db87f176a1edeed21433a502b6e046e673e22873bf3
SSDEEP: 24576:wtb20pkaCqT5TBWgNQ7ap1BUKFYsjuCKfPvnWVJyBZ6A:5Vg5tQ7afqKfy3f48z5
Suspicious use of SetThreadContext