General
-
Target
d2d047125f00db9f2a56d34b1e1515ff98e593352c59c5aabbc0ca9888aabb31.exe
-
Size
1.4MB
-
Sample
240903-sn7rta1fkb
-
MD5
c0585835beb4bef171c0cf8b15e8d5c5
-
SHA1
db8c9c483776385b86676fa2f3d2d5a49d05bae0
-
SHA256
d2d047125f00db9f2a56d34b1e1515ff98e593352c59c5aabbc0ca9888aabb31
-
SHA512
53a4d4e8617327724efe07473c30c0abc83e82ba81b5a0e79317041cca6552be5a6ba202882888bf0516ca5d5b5997d05b4056196192e6256b012cbce131218f
-
SSDEEP
24576:nqDEvCTbMWu7rQYlBQcBiT6rprG8aW+buh+WZiRDus2vcy2iU6Ylcyo2:nTvC/MTQYxsWR7aW+0+EiZccvio
Malware Config
Extracted
remcos
APPO
pronpostavka.com:2559
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
chrome-EZMR6Q
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
d2d047125f00db9f2a56d34b1e1515ff98e593352c59c5aabbc0ca9888aabb31.exe
-
Size
1.4MB
-
MD5
c0585835beb4bef171c0cf8b15e8d5c5
-
SHA1
db8c9c483776385b86676fa2f3d2d5a49d05bae0
-
SHA256
d2d047125f00db9f2a56d34b1e1515ff98e593352c59c5aabbc0ca9888aabb31
-
SHA512
53a4d4e8617327724efe07473c30c0abc83e82ba81b5a0e79317041cca6552be5a6ba202882888bf0516ca5d5b5997d05b4056196192e6256b012cbce131218f
-
SSDEEP
24576:nqDEvCTbMWu7rQYlBQcBiT6rprG8aW+buh+WZiRDus2vcy2iU6Ylcyo2:nTvC/MTQYxsWR7aW+0+EiZccvio
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-