General
-
Target
2040-63-0x0000000004180000-0x00000000041FE000-memory.dmp
-
Size
504KB
-
Sample
220810-sc7yfadeg9
-
MD5
686fe19d5b382e8c23ccd667fb45df0e
-
SHA1
36dd188d0040f94189204c5fa504c3cb43cc5f39
-
SHA256
848cf6c0c1ab66a7f21cc15f780f12aaba313002a66035a1e2cb2de989cb5234
-
SHA512
a9c9e63f247585ea6f019fa754a72fbc3fd72e4ed8e81302b74f79c45b527d956fd11cf0c76dc2c17d00f3efc82b5ce6ef583e6bff2d32dcdc61ebb40170a5d9
Malware Config
Extracted
remcos
onige123
goodygoody.duckdns.org:1905
154.53.43.207:1905
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
gamingsofts.exe
-
delete_file
false
-
hide_file
true
-
hide_keylog_file
true
-
install_flag
false
-
install_path
%AppData%
-
keylog_crypt
false
-
keylog_file
aesjes.dat
-
keylog_flag
false
-
keylog_path
%AppData%
-
mouse_option
false
-
mutex
sijresuestusawar-YZOEW4
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
gamingsoft
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
2040-63-0x0000000004180000-0x00000000041FE000-memory.dmp
-
Size
504KB
-
MD5
686fe19d5b382e8c23ccd667fb45df0e
-
SHA1
36dd188d0040f94189204c5fa504c3cb43cc5f39
-
SHA256
848cf6c0c1ab66a7f21cc15f780f12aaba313002a66035a1e2cb2de989cb5234
-
SHA512
a9c9e63f247585ea6f019fa754a72fbc3fd72e4ed8e81302b74f79c45b527d956fd11cf0c76dc2c17d00f3efc82b5ce6ef583e6bff2d32dcdc61ebb40170a5d9
Score1/10 -