General
-
Target
ea7731870bb2af22b4a27e3c2a34b5ee_JaffaCakes118
-
Size
1.1MB
-
Sample
240919-djzhbaxgqk
-
MD5
ea7731870bb2af22b4a27e3c2a34b5ee
-
SHA1
838f2fcc622b22ab47097be9226c42efe1138d37
-
SHA256
2d131382a95f99413d048cc55d9c053585001bc4e7813f88bed714fc3382cb0c
-
SHA512
0b6d5dc13a58b5010fca93bb16f5c47aff80f65e9b23c75c0a152371b84e9e3ff795796dd709e5c6a7af50f083a6a6304478ef016c118c47524968362c47ca38
-
SSDEEP
24576:+4lavt0LkLL9IMixoEgealNOWU8wE9Eq9MmCS:pkwkn9IMHealNOWfr2aPCS
Malware Config
Extracted
remcos
1.7.3 Pro
BB
SupportWin.dyndns.pro:10066
ServiceWin.Dynamic-DNS.net:10066
Qw3r.xxxy.info:10066
IM36.xxxy.info:10066
45df36.xxxy.info:10066
backend.system-ns.net:10066
-
audio_folder
audio
-
audio_path
%AppData%
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
5
-
copy_file
remcos.exe
-
copy_folder
remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
true
-
install_flag
false
-
install_path
%AppData%
-
keylog_crypt
true
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
Adobe
-
keylog_path
%AppData%
-
mouse_option
false
-
mutex
A1s2d3f-A2BYVT
-
screenshot_crypt
true
-
screenshot_flag
false
-
screenshot_folder
Screen
-
screenshot_path
%AppData%
-
screenshot_time
1
-
startup_value
remcos
-
take_screenshot_option
true
-
take_screenshot_time
2
-
take_screenshot_title
credit;creditcard;kredit;kreditkarte;payment;bitcoin;paypal;bazahl;ausweis;giftcard;card;gutschein
Targets
-
-
Target
ea7731870bb2af22b4a27e3c2a34b5ee_JaffaCakes118
-
Size
1.1MB
-
MD5
ea7731870bb2af22b4a27e3c2a34b5ee
-
SHA1
838f2fcc622b22ab47097be9226c42efe1138d37
-
SHA256
2d131382a95f99413d048cc55d9c053585001bc4e7813f88bed714fc3382cb0c
-
SHA512
0b6d5dc13a58b5010fca93bb16f5c47aff80f65e9b23c75c0a152371b84e9e3ff795796dd709e5c6a7af50f083a6a6304478ef016c118c47524968362c47ca38
-
SSDEEP
24576:+4lavt0LkLL9IMixoEgealNOWU8wE9Eq9MmCS:pkwkn9IMHealNOWfr2aPCS
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Drops startup file
-
Suspicious use of SetThreadContext
-