General

  • Target

    1376-82-0x0000000000400000-0x000000000047E000-memory.dmp

  • Size

    504KB

  • Sample

    220808-st8w3aceaj

  • MD5

    c42ba568a7434da42e23d97d8057fc36

  • SHA1

    d63e491dea4ff91d9bffd56d365711526250c675

  • SHA256

    1b5e2c320c957717b81530e12fc258a3ed8ba547384a40b0fc62c30496d12763

  • SHA512

    6a7d13579a4f950243a492e11bd6058119bca7fd8825349e081379ee8e92b6b932b4bb955b544591960e4fd8e01cbd5ef8b50b6a159ac68b1751bb9e25293268

Score
10/10

Malware Config

Extracted

Family

remcos

Botnet

Mekino Aug

C2

mekremcos23.freedynamicdns.net:2397

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    os.exe

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    true

  • install_flag

    true

  • install_path

    %AppData%

  • keylog_crypt

    true

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • mouse_option

    false

  • mutex

    Rmc-ZCU1S6

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • startup_value

    ecv

  • take_screenshot_option

    false

  • take_screenshot_time

    5
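
The attribute list above is the extracted implant configuration, and the values a responder hunts for are in it: the C2 host and port, the mutex, the copy_file and keylog_file names dropped under install_path (%AppData%), and the startup_value used for persistence. The script below is an added example, not part of the sandbox report, that turns those values into matchers and runs them over constructed telemetry records (DNS queries, connections, mutex names, file paths, registry values). The telemetry is constructed for the example; the expansion of %AppData% to \AppData\Roaming and the placement of startup_value under the HKCU Run key are assumptions about how the implant persists, not facts stated in the report; the generic "Rmc-" mutex pattern generalises beyond this one sample.

```python
"""Hunt for the Remcos indicators listed in the extracted config.

Added example; the config constants are copied from the report above,
the telemetry records are constructed here so the script runs offline.
"""
import re
from typing import NamedTuple, Optional

# Values copied verbatim from the extracted config.
C2 = "mekremcos23.freedynamicdns.net:2397"
MUTEX = "Rmc-ZCU1S6"
COPY_FILE = "os.exe"
KEYLOG_FILE = "logs.dat"
STARTUP_VALUE = "ecv"

# Generalisation beyond this sample: Remcos mutexes use a "Rmc-" prefix
# followed by a short random suffix, so a pattern match catches other builds.
REMCOS_MUTEX_RE = re.compile(r"^Rmc-[A-Za-z0-9]{6}$")
# Assumption: %AppData% resolves to ...\AppData\Roaming on the victim host.
APPDATA_RE = re.compile(r"\\AppData\\Roaming\\", re.IGNORECASE)
# Assumption: startup_value is written as a value name under the HKCU Run key.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.IGNORECASE)


class Event(NamedTuple):
    kind: str    # one of: dns | conn | mutex | file | reg
    value: str


class Hit(NamedTuple):
    indicator: str
    event: Event


def parse_endpoint(endpoint: str) -> tuple[str, Optional[int]]:
    """Split 'host:port' into (lowercased host, port); port is None if absent."""
    host, sep, port = endpoint.rpartition(":")
    if not sep or not port.isdigit():
        return endpoint.lower().rstrip("."), None
    return host.lower().rstrip("."), int(port)


def match(events: list[Event]) -> list[Hit]:
    """Return one Hit per telemetry record that matches a config indicator."""
    c2_host, c2_port = parse_endpoint(C2)
    hits: list[Hit] = []
    for ev in events:
        v = ev.value
        if ev.kind == "dns" and v.lower().rstrip(".") == c2_host:
            hits.append(Hit("c2_domain", ev))
        elif ev.kind == "conn":
            host, port = parse_endpoint(v)
            if host == c2_host and port == c2_port:
                hits.append(Hit("c2_socket", ev))
        elif ev.kind == "mutex":
            if v == MUTEX:
                hits.append(Hit("mutex_exact", ev))
            elif REMCOS_MUTEX_RE.match(v):
                hits.append(Hit("mutex_family_pattern", ev))
        elif ev.kind == "file":
            name = v.rsplit("\\", 1)[-1].lower()
            if APPDATA_RE.search(v) and name in (COPY_FILE, KEYLOG_FILE):
                hits.append(Hit(f"dropped_{name}", ev))
        elif ev.kind == "reg":
            if RUN_KEY_RE.search(v) and v.rsplit("\\", 1)[-1] == STARTUP_VALUE:
                hits.append(Hit("run_key_value", ev))
    return hits


# Constructed telemetry: a mix of true positives and benign look-alikes.
SAMPLE_EVENTS = [
    Event("dns", "MEKREMCOS23.freedynamicdns.net."),
    Event("dns", "update.microsoft.com"),
    Event("conn", "mekremcos23.freedynamicdns.net:2397"),
    Event("conn", "mekremcos23.freedynamicdns.net:443"),
    Event("mutex", "Rmc-ZCU1S6"),
    Event("mutex", "Rmc-7Q2KX1"),
    Event("mutex", "Local\\SM0:1234:168:WilStaging_02"),
    Event("file", r"C:\Users\alice\AppData\Roaming\os.exe"),
    Event("file", r"C:\Users\alice\AppData\Roaming\logs.dat"),
    Event("file", r"C:\Windows\System32\os.exe"),
    Event("reg", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ecv"),
    Event("reg", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive"),
]

if __name__ == "__main__":
    for hit in match(SAMPLE_EVENTS):
        print(f"{hit.indicator:22} {hit.event.kind:6} {hit.event.value}")
```

The file matcher deliberately requires the %AppData% prefix, so a legitimately named os.exe elsewhere does not fire; the connection matcher requires the port as well as the host, since the dynamic-DNS name alone is the weaker signal.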

Targets

    • Target

      1376-82-0x0000000000400000-0x000000000047E000-memory.dmp

    • Size

      504KB

    • MD5

      c42ba568a7434da42e23d97d8057fc36

    • SHA1

      d63e491dea4ff91d9bffd56d365711526250c675

    • SHA256

      1b5e2c320c957717b81530e12fc258a3ed8ba547384a40b0fc62c30496d12763

    • SHA512

      6a7d13579a4f950243a492e11bd6058119bca7fd8825349e081379ee8e92b6b932b4bb955b544591960e4fd8e01cbd5ef8b50b6a159ac68b1751bb9e25293268

    Score
    1/10