remcos | 1044-138-0x0000000000400000-0x000000000047A000-memory[.]dmp

General

Target

1044-138-0x0000000000400000-0x000000000047A000-memory.dmp
Size

488KB
MD5

cf965e2861e5076b09fbafa183bd85cf
SHA1

af5617b7d4e4e12e72e72b531e376a0de59f2850
SHA256

43e32eae36fb3c487f691e30d84c7f8c86b84da227739383eb6f62a0a9cd619d
SHA512

15334e918bc2743f308755dd8ef464a2403675bec63d6d6ac8300997b1cf3049e71009f63ee539dd4d1d204e47e336766f9c97630ddaa7b7c4570f4f79cbda51
SSDEEP

6144:nOFBH/FMNjt18F+9a/NgAeDB4CcOtKp03b13a4LJ+sAOZZPWXbTcUEiyg:nOFtiNBuFgawDB4NOmuwsfZPZiyg

Score

10^/10

remotehost remcos

Malware Config

Extracted

Family

remcos

Botnet

RemoteHost

C2

dash.3utilities.com:2404

dash1.3utilities.com:2404

dash2.ddns.net:2404

bash.mywire.org:2404

bash1.accesscam.org:2404

dash3.ddns.net:2404

dash4.ddns.net:2404

bash2.accesscam.org:2404

Attributes

audio_folder
MicRecords
audio_path
%AppData%
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
music.exe
copy_folder
c
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
install_path
ApplicationPath
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
soniC
keylog_path
%AppData%
mouse_option
false
mutex
dashboard-0RG9UW
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5
take_screenshot_title
notepad;solitaire;

Signatures

Remcos family
remcos

Files

1044-138-0x0000000000400000-0x000000000047A000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 331KB - Virtual size: 330KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 331KB - Virtual size: 330KB

.rdata Size: 92KB - Virtual size: 91KB

.data Size: 3KB - Virtual size: 15KB

.tls Size: 512B - Virtual size: 9B

.gfids Size: 1024B - Virtual size: 560B

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 14KB - Virtual size: 14KB

.text
Size: 331KB - Virtual size: 330KB

.rdata
Size: 92KB - Virtual size: 91KB

.data
Size: 3KB - Virtual size: 15KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 1024B - Virtual size: 560B

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 14KB - Virtual size: 14KB