General

  • Target

    0x00090000000133ec-58.dat

  • Size

    470KB

  • MD5

    cf76154a7257f8447b77350760a59481

  • SHA1

    554ee677ee627f9361156e5d9e52c944d9eed971

  • SHA256

    b55e1430bc8fd56b53d40e8dc1bb4a176f37f5d5b202fdbd6ea7ced8b73434ba

  • SHA512

    32807dd9f6a82fda74e4057df65a6682fb2e97565d819dac2a6eb2aac2e15935417703e5c9ab9d3c30123980dd37e8677c982796736c15778d7fe468a260ed81

  • SSDEEP

    12288:Dtmox/Sl5vkKtAXjsoZ8wHonsfZgw64x:xmW6l5vkKtAD8wIKZN

Score
10/10

Malware Config

Extracted

Family

remcos

Botnet

RemoteHost

C2

45.139.105.174:3132

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    true

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    Rmc-Y0T2QT

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • startup_value

    Remcos

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Files

  • 0x00090000000133ec-58.dat
    .exe windows x86

    658143f158f14e9bff661e164dfff376

