General
-
Target
2004-137-0x0000000000400000-0x000000000047F000-memory.dmp
-
Size
508KB
-
MD5
f07bb705632f3cdd590332e8d863121f
-
SHA1
0241143604913433de37540482cd4d2ceefade05
-
SHA256
a4a19599575f40100aaf1541fe968819c7333a0c3fa02023a936e86265d54d4a
-
SHA512
b999824b2de8752079b23e866e8993714336d8fe231d8a589135319e92fb15e7993be221856c0a93c2171f7e24df1ed0cffa9b940c496f23265b02f5bf8aa070
-
SSDEEP
12288:Wmnk7iLJbpIpiRL6I2WhSKQ9ZsfZQSon9:uiLJbpI7I2WhQqZ7o9
Malware Config
Extracted
remcos
Remote=No=ScreenShot=
194.36.111.59:5639
213.152.161.24:5639
184.75.221.115:5639
217.151.98.163:5639
37.120.217.243:5639
-
audio_folder
MicRecords
-
audio_path
%AppData%
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
install_path
%AppData%
-
keylog_crypt
false
-
keylog_file
me.gif
-
keylog_flag
false
-
keylog_folder
dax
-
keylog_path
%Temp%
-
mouse_option
false
-
mutex
data_ex-YPJOPQ
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Service
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
Remcos
-
take_screenshot_option
false
-
take_screenshot_time
4
-
take_screenshot_title
Gemini;banking;online;secure;digital;crypto;card;bitcoin;coin;bank;checkout;pay;personal;mastercard;visa;wallet;paypal;admin;blockchain;coinbase;transaction;confidential;recover;recovery;phrase;key;bit;ethereum;WhatsApp;transfer;sign;wire;login;creditcard;paypal;creditkarmer;postpaid;
Signatures
-
Remcos family
Files
-
2004-137-0x0000000000400000-0x000000000047F000-memory.dmp
Headers
Sections