General
-
Target
PO-MHASPF06000195956.exe.v
-
Size
1.1MB
-
Sample
250131-fqx9yaymay
-
MD5
d42a0e005fa32193a0e34fa70d7b010b
-
SHA1
a258d9a64ac91af485cf1475396880c9f1e2069b
-
SHA256
64083b6d122c8b46d8c081aeb9e131a7dfef89568bb2697d4a618fcb1000a5eb
-
SHA512
8dd3f8979c55cbf3f7c61ba50d597952650e0cec1005c2481e62fbe804fc0a7fb8a2da184f3e04b089d7d3c274629f0c695ac97ddd8e79cefedbe361df5cad09
-
SSDEEP
24576:xUMdnjE6F/0M/jeOjqvumjLYIpJVzgcy:xUQXTOvLjLvz0
Malware Config
Extracted
remcos
ood
goody.work.gd:4173
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
vlc
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
true
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
ios
-
mouse_option
false
-
mutex
gig-R8G1B2
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
sos
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
PO-MHASPF06000195956.exe.v
-
Size
1.1MB
-
MD5
d42a0e005fa32193a0e34fa70d7b010b
-
SHA1
a258d9a64ac91af485cf1475396880c9f1e2069b
-
SHA256
64083b6d122c8b46d8c081aeb9e131a7dfef89568bb2697d4a618fcb1000a5eb
-
SHA512
8dd3f8979c55cbf3f7c61ba50d597952650e0cec1005c2481e62fbe804fc0a7fb8a2da184f3e04b089d7d3c274629f0c695ac97ddd8e79cefedbe361df5cad09
-
SSDEEP
24576:xUMdnjE6F/0M/jeOjqvumjLYIpJVzgcy:xUQXTOvLjLvz0
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Remcos family
-
Suspicious use of SetThreadContext
-