General
-
Target
8560d2cdf6bd8ffb30fe031081360c1f.exe.zip
-
Size
1.6MB
-
Sample
240925-sm18mswaja
-
MD5
4841159ab169a50633912052bca879c7
-
SHA1
a7f86ab7b0f3594b5f76ef21832769db0ecdfa9e
-
SHA256
09c15114a15d5569cb510bbe093d1a9dc1fc7f6dc255aa6b0ef9077156c2f6ac
-
SHA512
1d7ed8bd0b16b2ed8befac93834627c3bda4aa97c4a463a2ecfc9b535ff8c50b2a411885e8359ab7e4356256bcf7ebec1eaea4b749a74c761a421db31716117f
-
SSDEEP
12288:u99aveBHG9JpVy3Dc7lIwI1H2HFFjaKB+D5CvhHpKPkjma+kO2:09xmXpWDc72DqFZxxvhMkjBbO2
Malware Config
Extracted
remcos
PLATA
comercio43.con-ip.com:1835
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
registros.dat
-
keylog_flag
false
-
keylog_folder
data34
-
mouse_option
false
-
mutex
kiustong-7N6PEP
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Capturas de pantalla
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
8560d2cdf6bd8ffb30fe031081360c1f.exe
-
Size
1024.0MB
-
MD5
a832f6cf4b13db85c4e3d4a5c563800d
-
SHA1
af788bb64b532ad62a64af98f6eeec316efcbd72
-
SHA256
52e9fae2db9e0b5af5c4e28c52508a482348c085fd83e3a2d549c5d676b24470
-
SHA512
7ee6c7c5529ee55f642c79d1ccd160e1d8183b13edf216a9693163f9acf84c6d355dcd028c41c1f022bc1799ba8852eff30f78e3ea68fa505b606e46c08c2547
-
SSDEEP
12288:75RVeIv1Jyhik2XF62YPtnsMg9t4q78cjNgT8Yz48h7UJ:9RVeIv1JygrV6XtsRVUS81UJ
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-