General
-
Target
b43cc694d316e52b7c650b72e0d0e00ab4f9430305970dcdb19a6890c87ccf90.exe
-
Size
462KB
-
Sample
250124-f2hcvstjem
-
MD5
8461e97514f42d93dccb4ec7f7100453
-
SHA1
ddb0584a3fcfa72e694ac30c06b7ac444644b863
-
SHA256
b43cc694d316e52b7c650b72e0d0e00ab4f9430305970dcdb19a6890c87ccf90
-
SHA512
d75d68ac42848d7c7141540fc9893f57e54cb399254565a6335be31df5bae65c3949319007b021aebf7deb21a36b1a7677d785b0d410d1e1f4427a91d30dd9ce
-
SSDEEP
6144:nOFBH/FMNjt18F+9a/NgAeDB4CcOtKp03b13a4LJ+sAOZZPWXbTcU2yg:nOFtiNBuFgawDB4NOmuwsfZPlyg
Malware Config
Extracted
remcos
RemoteHost
stopeet.camdvr.org:2404
amalar.camdvr.org:2404
prosir.casacam.net:2404
-
audio_folder
MicRecords
-
audio_path
%AppData%
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
abj.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
install_path
%AppData%
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
keylog_path
%AppData%
-
mouse_option
false
-
mutex
b2bhdjdhbvduhdi3ed-F3Q5YI
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
-
take_screenshot_title
notepad;solitaire;
Targets
-
-
Target
b43cc694d316e52b7c650b72e0d0e00ab4f9430305970dcdb19a6890c87ccf90.exe
-
Size
462KB
-
MD5
8461e97514f42d93dccb4ec7f7100453
-
SHA1
ddb0584a3fcfa72e694ac30c06b7ac444644b863
-
SHA256
b43cc694d316e52b7c650b72e0d0e00ab4f9430305970dcdb19a6890c87ccf90
-
SHA512
d75d68ac42848d7c7141540fc9893f57e54cb399254565a6335be31df5bae65c3949319007b021aebf7deb21a36b1a7677d785b0d410d1e1f4427a91d30dd9ce
-
SSDEEP
6144:nOFBH/FMNjt18F+9a/NgAeDB4CcOtKp03b13a4LJ+sAOZZPWXbTcU2yg:nOFtiNBuFgawDB4NOmuwsfZPlyg
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Remcos family
-