General

Target: Purchase Order Braiconf SA – 16.10.2024.pif.exe
Size: 1.2MB
Sample: 241017-j15csaygna
MD5: 934f1442e272b0ed71069f8139c5c123
SHA1: bf85d02e69ae51fabf72765fbf0a2561c9731537
SHA256: 6c4d9c5cec621f7011b2a5cc6ab33854a7b79f9dd063026dc10610c68d83dbf3
SHA512: 04bc23fe7773caabc571d34fbde40cdb16b87d0288cc566b607069c740220490ee257b77119785a9902808cd6ac6c15cc0dc72daa3091d0332cd16c53b90b2d5
SSDEEP: 24576:bEO2KYzT3fNjnwgjbfHlMekUzGMbzZCHGuiYzsf/YvbFAA:bZ/Yz75jh9z79C/Sf
Static task: static1
Behavioral task: behavioral1
Sample: Purchase Order Braiconf SA – 16.10.2024.pif.exe
Resource: win7-20240903-en
Malware Config

Extracted

Family: remcos
Botnet: makuo
C2: remmyc.duckdns.org:57155

audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Rmc-82JTYR
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
take_screenshot_option: false
take_screenshot_time: 5
Targets

Target: Purchase Order Braiconf SA – 16.10.2024.pif.exe
Size: 1.2MB
MD5: 934f1442e272b0ed71069f8139c5c123
SHA1: bf85d02e69ae51fabf72765fbf0a2561c9731537
SHA256: 6c4d9c5cec621f7011b2a5cc6ab33854a7b79f9dd063026dc10610c68d83dbf3
SHA512: 04bc23fe7773caabc571d34fbde40cdb16b87d0288cc566b607069c740220490ee257b77119785a9902808cd6ac6c15cc0dc72daa3091d0332cd16c53b90b2d5
SSDEEP: 24576:bEO2KYzT3fNjnwgjbfHlMekUzGMbzZCHGuiYzsf/YvbFAA:bZ/Yz75jh9z79C/Sf

Signatures:
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops startup file
- Suspicious use of SetThreadContext