General
-
Target
73a4bbb85f8d199377afd2ea10ef5d4467e22e1dccb23275f176ea564d3e1ef8.exe
-
Size
3.3MB
-
Sample
240705-v2d3rsvcra
-
MD5
61bacdb8e8f052c36ae36e8548a13c8a
-
SHA1
2dc7e29e08c0f0cef40c88046f416290de43797e
-
SHA256
73a4bbb85f8d199377afd2ea10ef5d4467e22e1dccb23275f176ea564d3e1ef8
-
SHA512
9f1c541e92a17a6b2d96662535237f109c974172c9f61c064def38abbf0e8b70613af501a7545e68ba24ec56856f7f0e35fc76d4787ee8217b558b9c7a562f4e
-
SSDEEP
49152:N77LvQE87W0HWTKM4lTgFusrHmXX3av1YHe7hie:9OJXXKtzk
Malware Config
Extracted
remcos
MEXICO
64.188.26.202:1604
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
Vexploio.exe
-
copy_folder
Vexplo
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-N6A3VJ
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
73a4bbb85f8d199377afd2ea10ef5d4467e22e1dccb23275f176ea564d3e1ef8.exe
-
Size
3.3MB
-
MD5
61bacdb8e8f052c36ae36e8548a13c8a
-
SHA1
2dc7e29e08c0f0cef40c88046f416290de43797e
-
SHA256
73a4bbb85f8d199377afd2ea10ef5d4467e22e1dccb23275f176ea564d3e1ef8
-
SHA512
9f1c541e92a17a6b2d96662535237f109c974172c9f61c064def38abbf0e8b70613af501a7545e68ba24ec56856f7f0e35fc76d4787ee8217b558b9c7a562f4e
-
SSDEEP
49152:N77LvQE87W0HWTKM4lTgFusrHmXX3av1YHe7hie:9OJXXKtzk
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Accesses Microsoft Outlook accounts
-
Suspicious use of SetThreadContext
-