General
-
Target
dacf76612ec19aa3f80f070321abac8830e376981ccd5ec4eebd1ba017c6e462.exe
-
Size
1.2MB
-
Sample
240704-cg7v8syejj
-
MD5
ee28c3097b0a179bee35c93761526041
-
SHA1
e0dd7342f2019adb9e4ae74136f6842c14087077
-
SHA256
dacf76612ec19aa3f80f070321abac8830e376981ccd5ec4eebd1ba017c6e462
-
SHA512
51572fa32d2b1442c91675a75087a92a14b98af4733ad9a37e936a04e2e77cf0ee1a020f52e1b2e9ad2b3a3f170a888e777e74971828006afe906d328afb062c
-
SSDEEP
24576:h1sMaPo6C4bNhNu384DvLF3sf7wAHBgD6HjZgoOD6hpwlXfDFo:h1ssCh0847pq7wTD6HjBhpwtFo
Malware Config
Extracted
remcos
RemoteHost
204.10.160.230:7983
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-O7QOC3
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
Remcos
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
dacf76612ec19aa3f80f070321abac8830e376981ccd5ec4eebd1ba017c6e462.exe
-
Size
1.2MB
-
MD5
ee28c3097b0a179bee35c93761526041
-
SHA1
e0dd7342f2019adb9e4ae74136f6842c14087077
-
SHA256
dacf76612ec19aa3f80f070321abac8830e376981ccd5ec4eebd1ba017c6e462
-
SHA512
51572fa32d2b1442c91675a75087a92a14b98af4733ad9a37e936a04e2e77cf0ee1a020f52e1b2e9ad2b3a3f170a888e777e74971828006afe906d328afb062c
-
SSDEEP
24576:h1sMaPo6C4bNhNu384DvLF3sf7wAHBgD6HjZgoOD6hpwlXfDFo:h1ssCh0847pq7wTD6HjBhpwtFo
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-