General
-
Target
JaffaCakes118_6f0a6a80a363a3ef5f5839b7d8cc36ae251bcac36fbb5c364b5ccf1cd7640c8b
-
Size
55KB
-
Sample
241226-yfh2dawqfs
-
MD5
b778e1c7d370312cc5ab96f40b329666
-
SHA1
4e79216a54cd1f39f29031d54cea58eefffc9b65
-
SHA256
6f0a6a80a363a3ef5f5839b7d8cc36ae251bcac36fbb5c364b5ccf1cd7640c8b
-
SHA512
125b23e599c79ff58df2140a7108b93d0bbc5b7fa98aa855db8c6158709e23bdf48efbb482c8a2aaa39cb7399130ae887eafc2441aa38121d24ae259d44a39a9
-
SSDEEP
768:ucQoET8DfEdVRaDsWNIWNP+K6/1aEv8aPUm355m3l5r+++fQj90HLE/w97I3hBSR:utbTMfELSIE6IU8aPUmoy+OQj9J4UYNb
Malware Config
Extracted
remcos
2.4.5 Pro
Remote%Host
www.rmagent.biz:7181
-
audio_folder
MicRecords
-
audio_path
%AppData%
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
vbs.server.exe
-
copy_folder
vbs.server
-
delete_file
true
-
hide_file
true
-
hide_keylog_file
false
-
install_flag
false
-
install_path
%AppData%
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
keylog_path
%AppData%
-
mouse_option
false
-
mutex
Remcos-00GA1C
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
vbs.server
-
take_screenshot_option
false
-
take_screenshot_time
5
-
take_screenshot_title
wikipedia;solitaire;
Targets
-
-
Target
e5d56a9880242b2d754c16974f3f35a91b98de9fbaf718360ca64099e13a38bf
-
Size
124KB
-
MD5
836f20f29fe33a7f80578d36dd3429c6
-
SHA1
edbea84969b18b9e241a3bc7fe4b61dd302f58a9
-
SHA256
e5d56a9880242b2d754c16974f3f35a91b98de9fbaf718360ca64099e13a38bf
-
SHA512
abeecfd989d81b50ef8a50f2ccf51c26c29245c02e081d93beca68d5f2b1865e974213a3140e1a599764a60b462d73789d6c483b555d17e975d8e18fc88cb0f2
-
SSDEEP
3072:MGuV8ukp57/RLyBlNJo4s5ln8m5IYNG2k4OzqhaIrc+5:MGuVUD7/5yBP3s5p8m5IYNG2tOzqhaU
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Remcos family
-