General
Target: remcos_a.exe
Size: 469KB
Sample: 241020-x53awaxgln
MD5: 415dad07c631c4ba200520de016d863c
SHA1: 1d65b13dc8d54855398697cbd4d73056929fa106
SHA256: 8121a8a2ba2f090508fa10d80efb7d0c37bfdc1c1c8d727d0c720bd3fa777a15
SHA512: 76a6c086a29039b36b5a8510e8be7321cd35d1500aa008041814f5b2bb1b099c2c93bcf8f80fd444256a1e333c2fe207565eb4a5a0d8151bc0e27bfa2df74657
SSDEEP: 12288:umnk7iLJbpIpiRL6I2WhSKQ9ZsfZQSjn9:WiLJbpI7I2WhQqZ7j9
Behavioral task: behavioral1
Sample: remcos_a.exe
Resource: win7-20241010-en
Behavioral task: behavioral2
Sample: remcos_a.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
remcos
RemoteHost: nxadafer-31488.portmap.host:31488
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: xdwd.exe
copy_folder: xdwd
delete_file: true
hide_file: true
hide_keylog_file: false
install_flag: false
install_path: %WinDir%\System32
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Rmc-IZRY3C
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
startup_value: xdwd
take_screenshot_option: false
take_screenshot_time: 5
Targets
Score: 3/10