remcos | 1376-82-0x0000000000400000-0x000000000047E000-memory[.]dmp | Triage

Submit
Reports

Overview

overview

Static

static

1376-82-0x...ry.exe

windows7-x64

1

1376-82-0x...ry.exe

windows10-2004-x64

1

Sharing

Static task

static1

mekino aug remcos

1 signatures

Behavioral task

behavioral1

Sample

1376-82-0x0000000000400000-0x000000000047E000-memory.exe

Resource

win7-20220715-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

1376-82-0x0000000000400000-0x000000000047E000-memory.exe

Resource

win10v2004-20220721-en

windows10-2004-x64

0 signatures

150 seconds

General

Target

1376-82-0x0000000000400000-0x000000000047E000-memory.dmp
Size

504KB
MD5

c42ba568a7434da42e23d97d8057fc36
SHA1

d63e491dea4ff91d9bffd56d365711526250c675
SHA256

1b5e2c320c957717b81530e12fc258a3ed8ba547384a40b0fc62c30496d12763
SHA512

6a7d13579a4f950243a492e11bd6058119bca7fd8825349e081379ee8e92b6b932b4bb955b544591960e4fd8e01cbd5ef8b50b6a159ac68b1751bb9e25293268
SSDEEP

12288:WfCa8/Vs8aGksOT3hysn1FrdhsfZyONN:o7GVs8aGpO1FrdAZ77

Score

10^/10

mekino aug remcos

Malware Config

Extracted

Family

remcos

Botnet

Mekino Aug

C2

mekremcos23.freedynamicdns.net:2397

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
os.exe
delete_file
false
hide_file
false
hide_keylog_file
true
install_flag
true
install_path
%AppData%
keylog_crypt
true
keylog_file
logs.dat
keylog_flag
false
mouse_option
false
mutex
Rmc-ZCU1S6
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
ecv
take_screenshot_option
false
take_screenshot_time
5

Signatures

Remcos family
remcos

Files

1376-82-0x0000000000400000-0x000000000047E000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 334KB - Virtual size: 333KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

© 2018-2024

Terms | Privacy