remcos | c1bdd65c5ab3ae82c09b4b2f3210bac5e9b13c3cf173ad1b2d561765136087a0 | Triage

Sharing

General

Target

1184-73-0x0000000000400000-0x000000000047F000-memory.dmp
Size

508KB
Sample

221005-zhg3jafeg3
MD5

cc4c0735ac6a51edfdb8c02188165210
SHA1

81a34c6fda75b51319384e7814cd65d94fb59895
SHA256

c1bdd65c5ab3ae82c09b4b2f3210bac5e9b13c3cf173ad1b2d561765136087a0
SHA512

c02a5352cdfae343009e408e9b5047053b697d0cd1c6d06d0768a35ac8e43dbea6543941c18f952b15c403d08d0dc34d7920171af4f00b979f3e6f2f0320fb81
SSDEEP

6144:WAg4RVDZlHx5k7iLZnaSguI2IiRL/SISjw8nHWh1R2K3g9ZsAOZZQmXxlcK:Wmnk7iLJbpIpiRL6I2WhSKQ9ZsfZQS

Score

10^/10

remcos 40004

Malware Config

Extracted

Family

remcos

Botnet

40004

C2

45.155.165.117:40004

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
frophxiw-9ZCZGJ
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
Remcos
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  1184-73-0x0000000000400000-0x000000000047F000-memory.dmp
- Size
  
  508KB
- MD5
  
  cc4c0735ac6a51edfdb8c02188165210
- SHA1
  
  81a34c6fda75b51319384e7814cd65d94fb59895
- SHA256
  
  c1bdd65c5ab3ae82c09b4b2f3210bac5e9b13c3cf173ad1b2d561765136087a0
- SHA512
  
  c02a5352cdfae343009e408e9b5047053b697d0cd1c6d06d0768a35ac8e43dbea6543941c18f952b15c403d08d0dc34d7920171af4f00b979f3e6f2f0320fb81
- SSDEEP
  
  6144:WAg4RVDZlHx5k7iLZnaSguI2IiRL/SISjw8nHWh1R2K3g9ZsAOZZQmXxlcK:Wmnk7iLJbpIpiRL6I2WhSKQ9ZsfZQS
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2