General
-
Target
1752-67-0x0000000000400000-0x000000000047F000-memory.dmp
-
Size
508KB
-
MD5
b65b164e81524d9b47c97e5f57e75840
-
SHA1
b31ba02b70ad007ba89dce665afdc5bb5e49a4e2
-
SHA256
77d27721f7c122cb28294acccfbcd9d45b926c311a2e9553d7c41b318bbca931
-
SHA512
dccd8dd82c38630141d5fd5a7629c0774f5bfed2140ac055ecf87fed2a3ee9250b2ab274c78731cd8fa85895af3ca8afa7df6cd9cf43d18f73c656ecd81be568
-
SSDEEP
12288:umnk7iLJbpIpiRL6I2WhSKQ9ZsfZQSJH:WiLJbpI7I2WhQqZ7JH
Malware Config
Extracted
remcos
Remote=No=ScreenShot=
194.36.111.59:5639
213.152.161.24:5639
184.75.221.115:5639
217.151.98.163:5639
37.120.217.243:5639
-
audio_folder
MicRecords
-
audio_path
%AppData%
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
install_path
%AppData%
-
keylog_crypt
false
-
keylog_file
me.gif
-
keylog_flag
false
-
keylog_folder
dax
-
keylog_path
%Temp%
-
mouse_option
false
-
mutex
data_ex-HDU3CV
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Service
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
Remcos
-
take_screenshot_option
false
-
take_screenshot_time
4
-
take_screenshot_title
Gemini;banking;online;secure;digital;crypto;card;bitcoin;coin;bank;checkout;pay;personal;mastercard;visa;wallet;paypal;admin;blockchain;coinbase;transaction;confidential;recover;recovery;phrase;key;bit;ethereum;WhatsApp;transfer;sign;wire;login;creditcard;paypal;creditkarmer;postpaid;
Signatures
-
Remcos family
Files
-
1752-67-0x0000000000400000-0x000000000047F000-memory.dmp
Headers
Sections