General
-
Target
6f0604f8a16b94b61d714dfec11d0358.exe
-
Size
865KB
-
Sample
241208-j89x8sykby
-
MD5
6f0604f8a16b94b61d714dfec11d0358
-
SHA1
558828c2ead68ea5883655299a3f0bfad1981ae5
-
SHA256
28331e2705bf58bd76a9f8ba0f0a431b762eaf6e4284dbf12f1453dd3fecf281
-
SHA512
76ebd74ec7b965ff20aad25aa6c0dfc5b7efef087f6bd4bf6f0b2f08427ac65bf320305db16ff00cebc5bfc98c8f22014ed5e7c9cedd37a05721b330326c4eb3
-
SSDEEP
24576:drl6kD68JmlotQfAVnxag+/zxRlk4t4p5G5wJm1wr:Zl328U2yfAVnsgSWpg5km
Malware Config
Extracted
remcos
RemoteHost
192.210.150.26:8787
-
audio_folder
MicRecords
-
audio_path
ApplicationPath
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-R1T905
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
6f0604f8a16b94b61d714dfec11d0358.exe
-
Size
865KB
-
MD5
6f0604f8a16b94b61d714dfec11d0358
-
SHA1
558828c2ead68ea5883655299a3f0bfad1981ae5
-
SHA256
28331e2705bf58bd76a9f8ba0f0a431b762eaf6e4284dbf12f1453dd3fecf281
-
SHA512
76ebd74ec7b965ff20aad25aa6c0dfc5b7efef087f6bd4bf6f0b2f08427ac65bf320305db16ff00cebc5bfc98c8f22014ed5e7c9cedd37a05721b330326c4eb3
-
SSDEEP
24576:drl6kD68JmlotQfAVnxag+/zxRlk4t4p5G5wJm1wr:Zl328U2yfAVnsgSWpg5km
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Remcos family
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-