Remexi

Description

(Kaspersky) Remexi boasts features that allow it to gather keystrokes, take screenshots of windows of interest (as defined in its configuration), steal credentials, logons and the browser history, and execute remote commands. Encryption consists of XOR with a hardcoded key for its configuration and RC4 with a predefined password for encrypting the victim’s data.

Remexi includes different modules that it deploys in its working directory, including configuration decryption and parsing, launching victim activity logging in a separate module, and seven threads for various espionage and auxiliary functions. The Remexi developers seem to rely on legitimate Microsoft utilities.

Names

  • Remexi
  • CACHEMONEY

Category

Malware

Type

  • Backdoor
  • Keylogger
  • Info stealer

Information

MITRE ATT&CK

Malpedia

Other Information

Uuid

26363b6b-e756-4ba3-93ab-2513e5352143

Last Card Change

2020-04-23