Remexi
Description
(Kaspersky) Remexi boasts features that allow it to gather keystrokes, take screenshots of windows of interest (as defined in its configuration), steal credentials, logons and the browser history, and execute remote commands. Encryption consists of XOR with a hardcoded key for its configuration and RC4 with a predefined password for encrypting the victim’s data.
Remexi includes different modules that it deploys in its working directory, including configuration decryption and parsing, launching victim activity logging in a separate module, and seven threads for various espionage and auxiliary functions. The Remexi developers seem to rely on legitimate Microsoft utilities.
Names
| Name |
|---|
| Remexi |
| CACHEMONEY |
Category
Malware
Type
- Backdoor
- Keylogger
- Info stealer
Information
Mitre Attack
Malpedia
Other Information
Uuid
26363b6b-e756-4ba3-93ab-2513e5352143
Last Card Change
2020-04-23