General
- Target: JaffaCakes118_12f995b0ef1cf5bced4ab5c1361e5f9b1b1f95510fb82033bec4ec43044c6266
- Size: 449KB
- Sample: 241222-qzcdyazpbx
- MD5: 65e14b3d18b72879723ff9debca92f00
- SHA1: f1719addd7f80d454eee81a8f0bf0f3855451a16
- SHA256: 12f995b0ef1cf5bced4ab5c1361e5f9b1b1f95510fb82033bec4ec43044c6266
- SHA512: 336844d6baa6725dc97f871ca606f10e7c38cca2cf839d3301256a21294c87ce432405311f2e8bb603e54cd65f2657c85984e0400e5587e0f4ea4b2af3c8c863
- SSDEEP: 12288:dTKB0S+zaHXExNnPIbi3OsC63tvAdA61568KfHv/JEw5ihS45mfspe:JKB0OXExNPIPrdA4S95S/mfspe
Static task: static1
Behavioral task: behavioral1
- Sample: 58215107f6e87ad9b3ebe4ce23aaa91b562c99f307a19ce719179b2d27aaef56.exe
- Resource: win7-20241023-en
Malware Config
Extracted
remcos
1.7 Pro
Host: 185.222.58.243:8780
- audio_folder: audio
- audio_path: %AppData%
- audio_record_time: 5
- connect_delay: 0
- connect_interval: 5
- copy_file: remcos.exe
- copy_folder: remcos
- delete_file: false
- hide_file: false
- hide_keylog_file: false
- install_flag: false
- install_path: %AppData%
- keylog_crypt: false
- keylog_file: logs.dat
- keylog_flag: false
- keylog_folder: remcos
- keylog_path: %AppData%
- mouse_option: false
- mutex: remcos_bieveakahtwoqbg
- screenshot_crypt: false
- screenshot_flag: false
- screenshot_folder: Screens
- screenshot_path: %AppData%
- screenshot_time: 1
- startup_value: remcos
- take_screenshot_option: false
- take_screenshot_time: 5
Targets
- Target: 58215107f6e87ad9b3ebe4ce23aaa91b562c99f307a19ce719179b2d27aaef56.exe
- Size: 599KB
- MD5: e85268409de1978293cbb195740d2938
- SHA1: 6c6892e6d1f78718a8aceba3cd5e80141486feb2
- SHA256: 58215107f6e87ad9b3ebe4ce23aaa91b562c99f307a19ce719179b2d27aaef56
- SHA512: 36f00cf4ac2862b9024f581ce5b6c69602a1e23c24169bdc55f83d0d2c4267cdaeeb6f6b0b5c4c879767ad7fbcc63a381549b5b8cc17fefdfe6cfef8ae2cf65c
- SSDEEP: 12288:EWfxn+fRhQuzl6oBW7mhoYmOMWOiLEDI+TU2N5IQHjgPTBrSRxD5Ynzf2XKMWYMv:Tfxn+fRhQuzl6oBW7mhoYmOMWOiLEDJv
- Remcos family
- Drops startup file
- Suspicious use of SetThreadContext