General
-
Target
JaffaCakes118_e424cf0f940974e64062259774177c65f3529f56d9b79f5e19e31e607bc20f9f
-
Size
237KB
-
Sample
241230-brk9jstjay
-
MD5
91624bf5879c5678d6cbc2f4138b8331
-
SHA1
fb60040dd677ae19292b0a4d3490431cd59ded21
-
SHA256
e424cf0f940974e64062259774177c65f3529f56d9b79f5e19e31e607bc20f9f
-
SHA512
39426bb11564306dfafc2473d508352440f533f4e9bb1119c188b51d0bf7e7f21741757722bdcfaf59103775c09a8c08e78b86d0e8cb8bbb65d35e0fa2116b60
-
SSDEEP
6144:AivSSR1EJ/tJ5uY2hyVY67PObjW7HuIplQL4RH9jAuoc7H:AivSCEt3ukX7GbC7xpOWHSgD
Behavioral task
behavioral1
Sample
eef620e3e47adcf2fd2b4ff1a7843170f1a259718dc69e1ab3594f97d38dea87.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
eef620e3e47adcf2fd2b4ff1a7843170f1a259718dc69e1ab3594f97d38dea87.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
remcos
3.3.0 Light
RemoteHost
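127.0.0.1:2404 (loopback address: the configured host is the local machine itself, so this value is not usable as a network indicator)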
-
audio_folder
MicRecords
-
audio_path
%AppData%
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
install_path
%AppData%
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
keylog_path
%AppData%
-
mouse_option
false
-
mutex
Remcos-MFF5ZF
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
Remcos
-
take_screenshot_option
false
-
take_screenshot_time
5
-
take_screenshot_title
notepad;solitaire;
Targets
-
-
Target
eef620e3e47adcf2fd2b4ff1a7843170f1a259718dc69e1ab3594f97d38dea87
-
Size
416KB
-
MD5
dd2275e908c422b1253a29af4c921d5f
-
SHA1
9480f357b537a324c083b3902200dd1dcb628436
-
SHA256
eef620e3e47adcf2fd2b4ff1a7843170f1a259718dc69e1ab3594f97d38dea87
-
SHA512
b5dac2b63380ba861957e9789355e5b67b0bc1e81cbd91ade85df9e15aab95ab81c1d69675b7353d8004d7783dbdc36cc77f0dd559240052830d7a9842d55780
-
SSDEEP
6144:mVOFpfTNHxOQCh9u96DncKfZqEcIJVLYww89yIRAOU+/XpcBDcBIOk:mVOFpbNhCy6wvEBJVkwLjq+Rc/Ok
Score: 3/10