General

Target:  200eca54c7f6341b7df45fda4062dfd87c141ce38325adebf1bd79f1a4615d8e.exe
Size:    1.2MB
Sample:  241127-cnl74s1pez
MD5:     0b47488dfc9ded8128a52e8061fb6b33
SHA1:    9605ff2f9c6b2a4b293979fbc30489bb90c98404
SHA256:  200eca54c7f6341b7df45fda4062dfd87c141ce38325adebf1bd79f1a4615d8e
SHA512:  9a72c4633b0e206fa0a9b105ab50cf6e7d0a4e738ff98c367374647bca20a6e8fcb341f197a2d1f70deaf9c6a7e3edc2bf4f61148c4eb2b147280621f5a09e76
SSDEEP:  24576:nAHnh+eWsN3skA4RV1Hom2KXMmHa0a92mSBRZZQv8gYbqNV98Hf5:ah+ZkldoPK8Yap92PBnO8lqNVmR
Static task
  static1

Behavioral task
  behavioral1
    Sample:    200eca54c7f6341b7df45fda4062dfd87c141ce38325adebf1bd79f1a4615d8e.exe
    Resource:  win7-20240903-en

Behavioral task
  behavioral2
    Sample:    200eca54c7f6341b7df45fda4062dfd87c141ce38325adebf1bd79f1a4615d8e.exe
    Resource:  win10v2004-20241007-en
Malware Config

Extracted: remcos

  RemoteHost:              chefdnshost.duckdns.org:6720
  audio_folder:            MicRecords
  audio_record_time:       5
  connect_delay:           0
  connect_interval:        1
  copy_file:               remcos.exe
  copy_folder:             Remcos
  delete_file:             false
  hide_file:               false
  hide_keylog_file:        false
  install_flag:            false
  keylog_crypt:            false
  keylog_file:             logs.dat
  keylog_flag:             false
  keylog_folder:           remcos
  mouse_option:            false
  mutex:                   Rmc-1H7SC3
  screenshot_crypt:        false
  screenshot_flag:         false
  screenshot_folder:       Screenshots
  screenshot_path:         %AppData%
  screenshot_time:         10
  startup_value:           Remcos
  take_screenshot_option:  false
  take_screenshot_time:    5
Targets

Target:  200eca54c7f6341b7df45fda4062dfd87c141ce38325adebf1bd79f1a4615d8e.exe
Size:    1.2MB
MD5:     0b47488dfc9ded8128a52e8061fb6b33
SHA1:    9605ff2f9c6b2a4b293979fbc30489bb90c98404
SHA256:  200eca54c7f6341b7df45fda4062dfd87c141ce38325adebf1bd79f1a4615d8e
SHA512:  9a72c4633b0e206fa0a9b105ab50cf6e7d0a4e738ff98c367374647bca20a6e8fcb341f197a2d1f70deaf9c6a7e3edc2bf4f61148c4eb2b147280621f5a09e76
SSDEEP:  24576:nAHnh+eWsN3skA4RV1Hom2KXMmHa0a92mSBRZZQv8gYbqNV98Hf5:ah+ZkldoPK8Yap92PBnO8lqNVmR

Score: 10/10

Signatures
  - Remcos family
  - Drops startup file
  - Executes dropped EXE
  - Loads dropped DLL
  - AutoIT Executable (AutoIT scripts compiled to PE executables)
  - Suspicious use of SetThreadContext