General
-
Target
1320-8194-0x0000000000400000-0x000000000047E000-memory.dmp
-
Size
504KB
-
Sample
220806-hbvllsbfam
-
MD5
c1d99b10f9c28e9ae047bd48d9108488
-
SHA1
fb80d2d67d64906a83eb21d98b7cb5ba60d9bac9
-
SHA256
822b29dc06dcd5df81ae2e7a17c34bf36c4344e9311d00d334ee37a8b9dd5c92
-
SHA512
3515b1519275921a0edc99c7ee471e7da3c71d889f54d04b7e5709a1783a1c9c9f3ad9fe57966dbd2c1aaa763b9a6acde2234a10c832b49622dc74a9a9621071
Malware Config
Extracted
remcos
RemoteHost
172.111.234.100:5888
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-IY2SFS
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
Remcos
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
1320-8194-0x0000000000400000-0x000000000047E000-memory.dmp
-
Size
504KB
-
MD5
c1d99b10f9c28e9ae047bd48d9108488
-
SHA1
fb80d2d67d64906a83eb21d98b7cb5ba60d9bac9
-
SHA256
822b29dc06dcd5df81ae2e7a17c34bf36c4344e9311d00d334ee37a8b9dd5c92
-
SHA512
3515b1519275921a0edc99c7ee471e7da3c71d889f54d04b7e5709a1783a1c9c9f3ad9fe57966dbd2c1aaa763b9a6acde2234a10c832b49622dc74a9a9621071
Score1/10 -