General
-
Target
ea710c5f0a39a9d3b524977066acde36_JaffaCakes118
-
Size
221KB
-
Sample
240919-c8rckaxbpk
-
MD5
ea710c5f0a39a9d3b524977066acde36
-
SHA1
ee738124decd05b712f615bcb1e8227d9b1ba3bb
-
SHA256
74feb165656f8f823d446f77d8e791630359bc1f7a749964001feadb286c56b1
-
SHA512
a6ec0fb736eb1881af88d1c0a377d3a990afef9c7a5fae9417959cec52445a1acd6c3c7d3c2cb255630bb176e0bc1bf6a0eb4511c8f603ef5d86a53ddfc69b28
-
SSDEEP
3072:nhz3Jl6hYIbM4rOOCNr4TDsPqbDyplNmNq2E+PKqGEMsjP96s/gDXslCUZFADWat:hDz6hYIbMuOZqgqbDAx+Pd8sLs0hEW
Malware Config
Extracted
remcos
2.5.0 Pro
twentysevenfeb
185.140.53.154:8760
-
audio_folder
MicRecords
-
audio_path
%AppData%
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
true
-
install_flag
false
-
install_path
%AppData%
-
keylog_crypt
true
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
keylog_path
%AppData%
-
mouse_option
false
-
mutex
Remcos-SPSHQY
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
remcos
-
take_screenshot_option
false
-
take_screenshot_time
5
-
take_screenshot_title
wikipedia;solitaire;
Targets
-
-
Target
ea710c5f0a39a9d3b524977066acde36_JaffaCakes118
-
Size
221KB
-
MD5
ea710c5f0a39a9d3b524977066acde36
-
SHA1
ee738124decd05b712f615bcb1e8227d9b1ba3bb
-
SHA256
74feb165656f8f823d446f77d8e791630359bc1f7a749964001feadb286c56b1
-
SHA512
a6ec0fb736eb1881af88d1c0a377d3a990afef9c7a5fae9417959cec52445a1acd6c3c7d3c2cb255630bb176e0bc1bf6a0eb4511c8f603ef5d86a53ddfc69b28
-
SSDEEP
3072:nhz3Jl6hYIbM4rOOCNr4TDsPqbDyplNmNq2E+PKqGEMsjP96s/gDXslCUZFADWat:hDz6hYIbMuOZqgqbDAx+Pd8sLs0hEW
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-