General
-
Target
8e4656c805621f5b8d18f090c3416d4a23d13e985b1fec1c86dc8586064c315d.exe
-
Size
912KB
-
Sample
241009-mlkavazepq
-
MD5
db7bfb156e62d366247c7cbe83134fcb
-
SHA1
b8f2e3ba2f314d1ca16747188b9d7a2cc5a220ea
-
SHA256
8e4656c805621f5b8d18f090c3416d4a23d13e985b1fec1c86dc8586064c315d
-
SHA512
b8c21fe65ea9d4e8c7465d9380a5636cc84af62906bd3d3cdb91f998b4b204645a387dcb5510aa9950b416204bc091881e8c05a25eacd3233cf75a2f8d0218d5
-
SSDEEP
24576:glYsMI+KbwAbUMqTmxLytNgpKn3/Itf6I:glYsx+KUAgMqGytaKn3/wf
Malware Config
Extracted
remcos
RemoteHost
blakaa.duckdns.org:2404
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-G5I4GA
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
8e4656c805621f5b8d18f090c3416d4a23d13e985b1fec1c86dc8586064c315d.exe
-
Size
912KB
-
MD5
db7bfb156e62d366247c7cbe83134fcb
-
SHA1
b8f2e3ba2f314d1ca16747188b9d7a2cc5a220ea
-
SHA256
8e4656c805621f5b8d18f090c3416d4a23d13e985b1fec1c86dc8586064c315d
-
SHA512
b8c21fe65ea9d4e8c7465d9380a5636cc84af62906bd3d3cdb91f998b4b204645a387dcb5510aa9950b416204bc091881e8c05a25eacd3233cf75a2f8d0218d5
-
SSDEEP
24576:glYsMI+KbwAbUMqTmxLytNgpKn3/Itf6I:glYsx+KUAgMqGytaKn3/wf
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Suspicious use of SetThreadContext
-