General
Target: file.ps1
Size: 1.3MB
Sample: 250407-vrkskaw1dv
MD5: e9555cbf01abdf1bd646705c3997e13c
SHA1: 9a664ea36508bd4158a26529e9401202ba2811e4
SHA256: ac9083b61eef653d53bb8e035dd48619764d008a00de6ba6d7761c698c8d5c75
SHA512: c30a862f78274cdfccbaf1d4e7b1586f48b046ce575964a220dc4b315099eb462b522c4d12c741c8cc22fb00e6ee3532fa8ae577e7fa914283c33ed49fb58c94
SSDEEP: 24576:Kl9R3rpl+v5MhC1jaysc54+xFB+ltbpQFRbut:cKx4QFvFZ8
Static task: static1
Malware Config
Extracted: remcos
ServerT: vtrow.ydns.eu:2404
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: conhost.exe
copy_folder: Microsoft
delete_file: false
hide_file: true
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Rmc-OYYBQ1
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
startup_value: Edge
take_screenshot_option: false
take_screenshot_time: 5
Targets
Remcos family
Executes dropped EXE
Suspicious use of SetThreadContext