General

Target: JaffaCakes118_a16eec9f4ca26138e11dcf47d7e632de525b87d98869455b28b3fd29aa0789c0
Size: 592KB
Sample: 241226-txw74s1jfq
MD5: 6376b78932d50e43744c5ef4437e0645
SHA1: 741420476bf16a9dc9cf896cdd251c020e8a1809
SHA256: a16eec9f4ca26138e11dcf47d7e632de525b87d98869455b28b3fd29aa0789c0
SHA512: 9fecce8aecad5a516fd304da26bd37af465d2e26400791ba596ef33c3eceafd2d913996beff173fe7ce09cb87ee206eae1564f7980bc0130904e8efe3cfcf8b3
SSDEEP: 12288:M3haf41Bft/r0wlJKHOct+LuvmBRbJLK0iauKF181+QPxUSz6:MkA1cwlJKsPblpiaLb2xdO
Static task: static1
Behavioral task: behavioral1
Sample: PANAS QUOTATION INV_280121,pdf.exe
Resource: win7-20241010-en
Malware Config

Extracted: remcos
Version: 2.7.2 Pro
Botnet ID: BLESSED
C2: prayerarequesttojah.ddns.net:4344

audio_folder: MicRecords
audio_path: %AppData%
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
install_path: %AppData%
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
keylog_path: %AppData%
mouse_option: false
mutex: remcos-4AD74M
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
startup_value: Remcos
take_screenshot_option: false
take_screenshot_time: 5
take_screenshot_title: wikipedia;solitaire;

Note: install_flag, keylog_flag, screenshot_flag and take_screenshot_option are all false in this build. In Remcos these flags gate the self-copy to install_path\copy_folder\copy_file, the startup_value persistence entry, the logs.dat keylog file and screenshot capture, so those path values describe defaults this sample does not exercise. The indicators it does exercise are the mutex remcos-4AD74M and the C2 prayerarequesttojah.ddns.net:4344; the latter is a dynamic-DNS name, so the resolved address should be expected to change and the hostname is the durable indicator.
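Worked example, added here and not code from the sandbox or from Remcos: a Python script that parses the config block in the layout printed above, derives indicators from it while honouring the flags, and runs them over a few constructed telemetry lines. It assumes, as commonly documented for Remcos rather than as something this report states, that install_flag gates the self-copy to install_path\copy_folder\copy_file and the Run value named startup_value. The telemetry format, the event kinds and the user name alice are hypothetical.

```python
# Added example, not part of the sandbox report: derive indicators from the
# Remcos config above and run them over constructed telemetry.
import re

# Trimmed copy of the report's "Malware Config" block in the page's own
# layout (header lines, then "key / value / -" triples); only fields used here.
CONFIG_TEXT = """\
remcos
2.7.2 Pro
BLESSED
prayerarequesttojah.ddns.net:4344
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
install_flag
false
-
install_path
%AppData%
-
mutex
remcos-4AD74M
-
startup_value
Remcos
"""

# Constructed endpoint events in a hypothetical '<Kind> key="value"' format.
TELEMETRY = [
    'DnsQuery query="prayerarequesttojah.ddns.net"',
    'NetConnect host="prayerarequesttojah.ddns.net" port="4344"',
    'MutexCreate name="remcos-4AD74M"',
    'FileCreate path="C:\\Users\\alice\\AppData\\Roaming\\Remcos\\remcos.exe"',
    'MutexCreate name="Global\\Unrelated"',
]

# %AppData% expands to any user's Roaming profile folder.
APPDATA_RE = r"C:\\Users\\[^\\]+\\AppData\\Roaming"


def parse_config(text):
    """Four header lines (family, version, botnet id, C2 host:port), then
    key/value pairs separated by '-' lines; booleans and ints are typed."""
    lines = [ln for ln in text.splitlines() if ln.strip() and ln.strip() != "-"]
    family, version, botnet, c2 = lines[:4]
    host, _, port = c2.rpartition(":")
    cfg = {"family": family, "version": version, "botnet": botnet,
           "c2_host": host.lower(), "c2_port": int(port)}
    pairs = lines[4:]
    if len(pairs) % 2:
        raise ValueError("config has a key with no value")
    for key, value in zip(pairs[::2], pairs[1::2]):
        if value in ("true", "false"):
            cfg[key] = value == "true"
        else:
            cfg[key] = int(value) if value.isdigit() else value
    return cfg


def path_regex(*parts):
    """Backslash-join path parts into an end-anchored, case-insensitive regex,
    expanding the %AppData% placeholder to APPDATA_RE."""
    pieces = [re.escape(p) for p in "\\".join(parts).split("%AppData%")]
    return re.compile(APPDATA_RE.join(pieces) + r"$", re.IGNORECASE)


def derive_iocs(cfg):
    """Emit only the indicators this build enables. Assumption (documented
    Remcos behaviour, not stated by the report): install_flag gates the
    self-copy and the Run value, so with it false those paths are omitted."""
    iocs = {"c2": (cfg["c2_host"], cfg["c2_port"]), "mutex": cfg["mutex"],
            "install_path": None, "run_value": None}
    if cfg.get("install_flag"):
        iocs["install_path"] = path_regex(cfg["install_path"],
                                          cfg["copy_folder"], cfg["copy_file"])
        iocs["run_value"] = cfg["startup_value"]
    return iocs


def match_events(iocs, lines):
    """Return (reason, event) pairs for telemetry lines that hit an IOC."""
    hits = []
    for line in lines:
        kind, rest = line.split(" ", 1)
        f = dict(re.findall(r'(\w+)="([^"]*)"', rest))
        if kind == "DnsQuery" and f.get("query", "").lower() == iocs["c2"][0]:
            hits.append(("C2 host lookup", line))
        elif kind == "NetConnect" and (f.get("host", "").lower(),
                                       int(f.get("port", "0"))) == iocs["c2"]:
            hits.append(("C2 connection", line))
        elif kind == "MutexCreate" and f.get("name") == iocs["mutex"]:
            hits.append(("Remcos mutex", line))
        elif (kind == "FileCreate" and iocs["install_path"]
              and iocs["install_path"].search(f.get("path", ""))):
            hits.append(("install path", line))
    return hits


if __name__ == "__main__":
    for reason, event in match_events(derive_iocs(parse_config(CONFIG_TEXT)), TELEMETRY):
        print(f"{reason}: {event}")
```

With the config as printed (install_flag false) the FileCreate under %AppData%\Remcos\remcos.exe produces no hit, which is the intended behaviour: alerting on a path the build never writes only generates noise. Passing the same config with install_flag set to true re-enables that indicator, which is how the script would be used for a build that does install itself.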
Targets

Target: PANAS QUOTATION INV_280121,pdf.exe
Size: 1.0MB
MD5: 7f205f8e299ffcf9d303adb6db85d21a
SHA1: bfe3918bf2a59497ba17621399f4ebb540a1d8a6
SHA256: d490b85539a2a3ae13c2e68bada84965fca6c3eb40281f70206d4ef975e592e7
SHA512: 3e26cdc1db4e4b969c34b3f22e6379ce44833b95eb619038cec91a055d8504e203be9d440ec01c983aa0eb242de7bb0b1d5afe8f66c1ff800f4762a3f8c1c861
SSDEEP: 12288:6aqVennKcOqfu19Xlxo8PfEiwQnT+2n5BtqKuCwaB4uCwaBKOMppwjtQ6k2FggbB:GInRuXlRxT+MBtq9ZatZaX

These hashes differ from the ones under General: the submitted object (592KB) and the analysed executable (1.0MB) are distinct files, so both hash sets belong in any blocklist. The filename imitates a PDF quotation (",pdf.exe", with a comma in place of the dot) while the target is an executable.

Signatures
- Remcos family
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check. The behavioural run used an English Windows 7 image (win7-20241010-en); if this is a geofence, what the sandbox observed depends on whether that locale falls inside the sample's target set, and behaviour on other locales may differ.
- Suspicious use of SetThreadContext: this API rewrites a thread's register context and is commonly used by code-injection techniques such as process hollowing, where a payload is written into a suspended process and its thread is redirected to the payload's entry point.