General
-
Target
8dd3a8d57533cddb053799ed6f14291ed97042e9209870f8daa0a8eeb9223d38.exe
-
Size
937KB
-
Sample
240909-pxb5qayaqp
-
MD5
d153584c42340d402d6e44454c3ad5b2
-
SHA1
e14bfbe2f059a26e75755e29f032c5e0d3cf673c
-
SHA256
8dd3a8d57533cddb053799ed6f14291ed97042e9209870f8daa0a8eeb9223d38
-
SHA512
599b52b887b1c71515ec37ac072b4201a5fa023445b88390a6af0d7e51c90b4d71e02e6c273982efd45f4f2c781fd1608eff5d916968d7c70b06be0b103b33f9
-
SSDEEP
24576:/iUmSB/o5d1ubcvq/q9JwVZeYc+V8leByGrKzp6B3IjM://mU/ohubcvq/2wVZee8leDrKzp638
Malware Config
Extracted
remcos
RemoteHost
system6233.duckdns.org:3045
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
true
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-HSZZPP
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
8dd3a8d57533cddb053799ed6f14291ed97042e9209870f8daa0a8eeb9223d38.exe
-
Size
937KB
-
MD5
d153584c42340d402d6e44454c3ad5b2
-
SHA1
e14bfbe2f059a26e75755e29f032c5e0d3cf673c
-
SHA256
8dd3a8d57533cddb053799ed6f14291ed97042e9209870f8daa0a8eeb9223d38
-
SHA512
599b52b887b1c71515ec37ac072b4201a5fa023445b88390a6af0d7e51c90b4d71e02e6c273982efd45f4f2c781fd1608eff5d916968d7c70b06be0b103b33f9
-
SSDEEP
24576:/iUmSB/o5d1ubcvq/q9JwVZeYc+V8leByGrKzp6B3IjM://mU/ohubcvq/2wVZee8leDrKzp638
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
UAC bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-