General
-
Target
76c073734ff5f0942c8c539be408367b83a78ce995e8d9502bea6e9d83d1c3ad.exe
-
Size
1.6MB
-
Sample
241015-b5xvha1gmj
-
MD5
19801cf904884fb5e33a7595d6a616c3
-
SHA1
56792c80985a4ae57d85fdbe7d1f812152c5d2ad
-
SHA256
76c073734ff5f0942c8c539be408367b83a78ce995e8d9502bea6e9d83d1c3ad
-
SHA512
f7a37a99f18cdbb35ea03920f305e1bc8a5ada62a7bdc785d30fe85662f7b27a35b592449073ff30a113a6ba6c75d6e54c043e7a61a052a9d5b3f498ca99699f
-
SSDEEP
24576:ffmMv6Ckr7Mny5QLfrgh8kkKe+rGW/FgkI5NSBJFLM7XV4:f3v+7/5QLfrgh8cFgh+pM7XV4
Malware Config
Extracted
remcos
RemoteHost
www.projectusf.com:2404
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
gfh
-
mouse_option
false
-
mutex
Rmc-J91LMC
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
76c073734ff5f0942c8c539be408367b83a78ce995e8d9502bea6e9d83d1c3ad.exe
-
Size
1.6MB
-
MD5
19801cf904884fb5e33a7595d6a616c3
-
SHA1
56792c80985a4ae57d85fdbe7d1f812152c5d2ad
-
SHA256
76c073734ff5f0942c8c539be408367b83a78ce995e8d9502bea6e9d83d1c3ad
-
SHA512
f7a37a99f18cdbb35ea03920f305e1bc8a5ada62a7bdc785d30fe85662f7b27a35b592449073ff30a113a6ba6c75d6e54c043e7a61a052a9d5b3f498ca99699f
-
SSDEEP
24576:ffmMv6Ckr7Mny5QLfrgh8kkKe+rGW/FgkI5NSBJFLM7XV4:f3v+7/5QLfrgh8cFgh+pM7XV4
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-