General
-
Target
JaffaCakes118_ff7516b18c451b948407a993513ebc4910b3ef374f2de2f6ed34a7b593df0beb
-
Size
240KB
-
Sample
241230-x8bx4axpcx
-
MD5
4388ddedfa8818ccffe9655b8c023d4f
-
SHA1
5c12b466e2c4070686bbcb02cc6e1ba9028d116e
-
SHA256
ff7516b18c451b948407a993513ebc4910b3ef374f2de2f6ed34a7b593df0beb
-
SHA512
ad855c711c892a2fc7cb5364f5aa2963a2d6737982ed2e141c2ca5e12ce44b75c6bae582ad7d7d5b968e3fbd7383ee5a07d780b3fe1f0f7ea9a51f3418dc6652
-
SSDEEP
6144:BVV1yt6/Wq5u6fMvc6TGVxH0P9kOLZqARwZCMLmFjEC:BVV1ytg7Ivq49lLrRwXyl
Behavioral task
behavioral1
Sample
e3cc72844b670b0d7bf02cc4502235f3714ae0dfbc824348d923522d9593438f.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
e3cc72844b670b0d7bf02cc4502235f3714ae0dfbc824348d923522d9593438f.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
remcos
3.3.2 Light
RemoteHost
127.0.0.1:2404
-
audio_folder
MicRecords
-
audio_path
%AppData%
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
install_path
%AppData%
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
keylog_path
%AppData%
-
mouse_option
false
-
mutex
Remcos-N28M4A
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
Remcos
-
take_screenshot_option
false
-
take_screenshot_time
5
-
take_screenshot_title
notepad;solitaire;
Targets
-
-
Target
e3cc72844b670b0d7bf02cc4502235f3714ae0dfbc824348d923522d9593438f
-
Size
420KB
-
MD5
3205cf9540ade988b99a35dd4884bca1
-
SHA1
903f0ea8e7659d5338070b61bd1c51802f512a93
-
SHA256
e3cc72844b670b0d7bf02cc4502235f3714ae0dfbc824348d923522d9593438f
-
SHA512
397b1c763111d1aeba810117ce46077caddfe8f1d29be1962e599e3b9d5b850a448847495fc7d10ad7bb680fa194870d0620403b55c06cf14feb5f397f1fdb34
-
SSDEEP
6144:IhRsahruDYhVEAm7nSJI8P9NxIBUbWYe7UKAOqo2cXc9CceR1QA:IhRs/YRm+m8P/x2UOrUo69HA
Score
3/10