General
- Target: 16012025_0057_15012025_Pagamento.Fatura.CDG.pdf.img
- Size: 260KB
- Sample: 250116-ba5xmasrf1
- MD5: a450b614996ac0ca7de24a8f1947bc51
- SHA1: 45cbd3a10b756bca0180d06f89d2ec8a9922e377
- SHA256: ca76896fb473edcfdce44fa41ab776da23aedd3ecec1589f4b4aa184057166d3
- SHA512: 086b58f02d3e8d71a3b4a98e6901aaf9f3ce31a0d7776bbfd607f5bb9ab5f00f8820512fe0e533b7eb42d65620b0f7087bf25ad3b88b1d5caaf6d38289e32f63
- SSDEEP: 3072:h/kQ+3Wsg9t3BdPKN5xezNQNuqscX7wmdTxIwbj7JlxihOKbTvKRAv9/:KQ7HdPKN5xB391VxIoigKbTCO
Static task: static1
Behavioral task: behavioral1
- Sample: Pagamento.Fatura.CDG.pdf.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: Pagamento.Fatura.CDG.pdf.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted: remcos
- RemoteHost: 41.216.183.218:56792
- audio_folder: MicRecords
- audio_record_time: 5
- connect_delay: 0
- connect_interval: 1
- copy_file: remcos.exe
- copy_folder: Remcos
- delete_file: false
- hide_file: false
- hide_keylog_file: false
- install_flag: false
- keylog_crypt: false
- keylog_file: logs.dat
- keylog_flag: false
- keylog_folder: remcos
- mouse_option: false
- mutex: Rmc-PE85MB
- screenshot_crypt: false
- screenshot_flag: false
- screenshot_folder: Screenshots
- screenshot_path: %AppData%
- screenshot_time: 10
- startup_value: Remcos
- take_screenshot_option: false
- take_screenshot_time: 5
Targets
Target: Pagamento.Fatura.CDG.pdf.exe
- Size: 208KB
- MD5: 65295769536ed116328b24b1e0d903eb
- SHA1: 1b6820e5bcb014cb499d1dbdabcc5840cbde9e6e
- SHA256: 841a313baacae6d514f0f9e3a27943723034d5282378106cfa674fc33cc2c574
- SHA512: 7f8d76ad6586d28fcf90f766cdbf0b1945cd1627aba79dcca5c3dcb683f3f1f02475207e4626b1652c92907e3e51240a9df0ea4ba09bbe0bac75875b6c6edd80
- SSDEEP: 3072:d/kQ+3Wsg9t3BdPKN5xezNQNuqscX7wmdTxIwbj7JlxihOKbTvKRAv9/:mQ7HdPKN5xB391VxIoigKbTCO
Score: 10/10
- Remcos family
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops startup file
- Suspicious use of SetThreadContext