General
-
Target
1572-138-0x0000000000400000-0x000000000047E000-memory.dmp
-
Size
504KB
-
Sample
221124-z39y2sac89
-
MD5
b048d5f995db9fa12b3ca8e75ebda1b1
-
SHA1
155ff355f00cc7721a6de06f02cffbc970da6007
-
SHA256
6fb28e15c7746e7ed0d0cec7f88500e39403023f5eef057cc9159ce079867847
-
SHA512
d043e6df2a9b6c8616fd22e3c9beb5d540a292227d39d4d3ef0eeea384f7881957cd34156ef1705de47ea9dffb459c38e8de48468dabb3db55e376926222c6eb
-
SSDEEP
6144:gNzuFOjH9TX76ghtDNHffMq6+i1lSC6GocCh+41JnwNvtsAOZZYAXectyrYN:gNzuFO7V6WBN/kq9KSC6kC044sfZYIN
Malware Config
Extracted
remcos
BALLER
91.192.100.48:1979
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-2RPM8Z
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
Remcos
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
1572-138-0x0000000000400000-0x000000000047E000-memory.dmp
-
Size
504KB
-
MD5
b048d5f995db9fa12b3ca8e75ebda1b1
-
SHA1
155ff355f00cc7721a6de06f02cffbc970da6007
-
SHA256
6fb28e15c7746e7ed0d0cec7f88500e39403023f5eef057cc9159ce079867847
-
SHA512
d043e6df2a9b6c8616fd22e3c9beb5d540a292227d39d4d3ef0eeea384f7881957cd34156ef1705de47ea9dffb459c38e8de48468dabb3db55e376926222c6eb
-
SSDEEP
6144:gNzuFOjH9TX76ghtDNHffMq6+i1lSC6GocCh+41JnwNvtsAOZZYAXectyrYN:gNzuFO7V6WBN/kq9KSC6kC044sfZYIN
Score1/10 -