General
-
Target
f3eb9a68382f34573df266cecb1beab7225e89769cf883b7e7d077d436ecbe3b
-
Size
1.3MB
-
Sample
241011-ad71qayhll
-
MD5
6a3e54f95954dd5e530a7690c3a69190
-
SHA1
0ba952028301aec45c20c1c13bf4f7b05768593e
-
SHA256
f3eb9a68382f34573df266cecb1beab7225e89769cf883b7e7d077d436ecbe3b
-
SHA512
ba63360189c9907927d2108e4b57d5dd6b3a28d6237844de6ff3a2ce7d935ad1e2664d63ca2b9120ce635d22853c0479c8100a55a6396e492cda8578716e4d78
-
SSDEEP
24576:piWOIXH4/psk1sBnnM59q2L1Ok4Q6leGdwOMxsuWLn0Z60LhAkP4ugIH02:r34/6k1sRn69R/seGd4ib0fng402
Malware Config
Extracted
remcos
mass_cl
mass2024.duckdns.org:2025
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-ZTNDH8
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
Remcos
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
Request for Quotation and PO101024_ppt.scr
-
Size
1.7MB
-
MD5
6e6776e196f88bb6a23aeba0a588a7f9
-
SHA1
b65ba8d9ff41bccc1a4a7df6b22f83ba08802824
-
SHA256
991d410ddd280221d14b30dfa026484f3913911e9c9ea984b43542c3b7f4597e
-
SHA512
a24d8f0c1ce3c7579737dea0655148d20ddc85908aa49e34afdb79e8ddc747319f2a8798175dc0f344688fc041525fe9de667c61d2b3f3b5f6c96a69ef674291
-
SSDEEP
24576:vfmMv6Ckr7Mny5Q87sPX1Ir56Yl1ySmoIlaG/mUOXsWo1na3qiDrwOZQu4IHG:v3v+7/5Q87sP1C5LdOaG/U4xaV/44G
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-