General
-
Target
1376-82-0x0000000000400000-0x000000000047E000-memory.dmp
-
Size
504KB
-
Sample
220808-st8w3aceaj
-
MD5
c42ba568a7434da42e23d97d8057fc36
-
SHA1
d63e491dea4ff91d9bffd56d365711526250c675
-
SHA256
1b5e2c320c957717b81530e12fc258a3ed8ba547384a40b0fc62c30496d12763
-
SHA512
6a7d13579a4f950243a492e11bd6058119bca7fd8825349e081379ee8e92b6b932b4bb955b544591960e4fd8e01cbd5ef8b50b6a159ac68b1751bb9e25293268
Behavioral task
behavioral1
Sample
1376-82-0x0000000000400000-0x000000000047E000-memory.exe
Resource
win7-20220715-en
Behavioral task
behavioral2
Sample
1376-82-0x0000000000400000-0x000000000047E000-memory.exe
Resource
win10v2004-20220721-en
Malware Config
Extracted
Family: remcos
Botnet: Mekino Aug
C2: mekremcos23.freedynamicdns.net:2397
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
os.exe
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
true
-
install_flag
true
-
install_path
%AppData%
-
keylog_crypt
true
-
keylog_file
logs.dat
-
keylog_flag
false
-
mouse_option
false
-
mutex
Rmc-ZCU1S6
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
ecv
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
1376-82-0x0000000000400000-0x000000000047E000-memory.dmp
-
Size
504KB
-
MD5
c42ba568a7434da42e23d97d8057fc36
-
SHA1
d63e491dea4ff91d9bffd56d365711526250c675
-
SHA256
1b5e2c320c957717b81530e12fc258a3ed8ba547384a40b0fc62c30496d12763
-
SHA512
6a7d13579a4f950243a492e11bd6058119bca7fd8825349e081379ee8e92b6b932b4bb955b544591960e4fd8e01cbd5ef8b50b6a159ac68b1751bb9e25293268
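Score: 1/10 (behavioral score for this target; the sample is a memory dump re-run as an .exe, so a low score here likely reflects limited runtime activity rather than a benign file — the Remcos configuration extracted above is the significant finding)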