General
-
Target
FedEX Receipt_AWB# 779187550472.exe.v
-
Size
915KB
-
Sample
241206-hwaf6svrgv
-
MD5
67280e0aa391e0583402048f03ce0343
-
SHA1
f68a9378e8d8f0c5ba10fc63fb51c6f14baaefac
-
SHA256
d8029b14e5fa065e09f0dee40b19978cb59633d86c708974b97aabf15a569b38
-
SHA512
467955349f07a1c02251fc1418c9a1a622cf6405264efa99454f02641b5b36b79802016c1bbdad6ff70a59400be68345da470033716558fbd1a71299aaad25cc
-
SSDEEP
24576:h3akAx8VHZGbfkYQYT0GZ23/PR+0cb+x1j:pakAx8VHZaNZyo0cb+x1
Malware Config
Extracted
remcos
ood
goody.work.gd:4173
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
vlc
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
true
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
ios
-
mouse_option
false
-
mutex
gig-R8G1B2
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
sos
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
FedEX Receipt_AWB# 779187550472.exe.v
-
Size
915KB
-
MD5
67280e0aa391e0583402048f03ce0343
-
SHA1
f68a9378e8d8f0c5ba10fc63fb51c6f14baaefac
-
SHA256
d8029b14e5fa065e09f0dee40b19978cb59633d86c708974b97aabf15a569b38
-
SHA512
467955349f07a1c02251fc1418c9a1a622cf6405264efa99454f02641b5b36b79802016c1bbdad6ff70a59400be68345da470033716558fbd1a71299aaad25cc
-
SSDEEP
24576:h3akAx8VHZGbfkYQYT0GZ23/PR+0cb+x1j:pakAx8VHZaNZyo0cb+x1
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Remcos family
-
Suspicious use of SetThreadContext
-