General
-
Target
1100-75-0x0000000000400000-0x000000000047F000-memory.dmp
-
Size
508KB
-
Sample
221205-3y2zeshh52
-
MD5
0e3b2bfe137f1e3b11d86176524d2096
-
SHA1
5b6036b1e9ff23d8881126de88338fa98d19f869
-
SHA256
f0ea1ea41459ba5e483b812170a1597da5b94788c2e396071db35eea1716f5b3
-
SHA512
1e440386bd25fd88388136a7d5414348e5154ae6e51660be0b22dc5e1045e2aee6acb41a5df6e106984186569a8d859fddee310c6fda828985601ab27183fe24
-
SSDEEP
6144:nt5sORmjlApc4Sl5vidotdjDAUgZVjso6k8BSGMV02LobDsAOZZgIXoc+g:ntmox/Sl5vkKtAXjsoZ8wHonsfZg
Malware Config
Extracted
| Family |
remcos |
| Botnet |
RemoteHost Reff |
| C2 |
185.136.161.189:1960 |
| Attributes |
audio_folder MicRecords
audio_record_time 5
connect_delay 0
connect_interval 1
copy_file remcos.exe
copy_folder Remcos
delete_file false
hide_file false
hide_keylog_file false
install_flag false
keylog_crypt false
keylog_file logs.dat
keylog_flag false
keylog_folder remcos
mouse_option false
mutex Rmc-IPL25E
screenshot_crypt false
screenshot_flag false
screenshot_folder Screenshots
screenshot_path %AppData%
screenshot_time 10
startup_value Remcos
take_screenshot_option false
take_screenshot_time 5 |
Targets
-
-
Target
1100-75-0x0000000000400000-0x000000000047F000-memory.dmp
-
Size
508KB
-
MD5
0e3b2bfe137f1e3b11d86176524d2096
-
SHA1
5b6036b1e9ff23d8881126de88338fa98d19f869
-
SHA256
f0ea1ea41459ba5e483b812170a1597da5b94788c2e396071db35eea1716f5b3
-
SHA512
1e440386bd25fd88388136a7d5414348e5154ae6e51660be0b22dc5e1045e2aee6acb41a5df6e106984186569a8d859fddee310c6fda828985601ab27183fe24
-
SSDEEP
6144:nt5sORmjlApc4Sl5vidotdjDAUgZVjso6k8BSGMV02LobDsAOZZgIXoc+g:ntmox/Sl5vkKtAXjsoZ8wHonsfZg
Score1/10 -