remcos | 1608-66-0x0000000000150000-0x00000000001CF000-memory[.]dmp | Triage

Submit
Reports

Overview

overview

Static

static

1608-66-0x...ry.exe

windows7-x64

1608-66-0x...ry.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

Static task

static1

worldclass remcos

1 signatures

Behavioral task

behavioral1

Sample

1608-66-0x0000000000150000-0x00000000001CF000-memory.exe

Resource

win7-20220901-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

1608-66-0x0000000000150000-0x00000000001CF000-memory.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

0 signatures

150 seconds

General

Target

1608-66-0x0000000000150000-0x00000000001CF000-memory.dmp
Size

508KB
MD5

1eea340cb516e56477a250a29894327e
SHA1

c84f9f4f1a2dd3eb4f5e1a51c1767569a7a1143d
SHA256

c02ca791dfb1eb5162f657cc6644353cc05589085bf7c3c254d03fe914d7206d
SHA512

694cb79f1d6f82e36b5e85f97cf14956a9104f658066539992f00061d52772aa28fc37a588a7d2a9dc934aa11f0af0b9908fa69387d1ea8c841260b4cfbd12a0
SSDEEP

6144:nt5sORmjlApc4Sl5vidotdjDAUgZVjso6k8BSGMV02LobDsAOZZgIXoc+g:ntmox/Sl5vkKtAXjsoZ8wHonsfZg

Score

10^/10

worldclass remcos

Malware Config

Extracted

Family

remcos

Botnet

worldclass

C2

91.193.75.188:60005

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
worldclass.exe
copy_folder
worldclass
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
true
install_path
%AppData%
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-BY6BKA
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
worldclass
take_screenshot_option
false
take_screenshot_time
5

Signatures

Remcos family
remcos

Files

1608-66-0x0000000000150000-0x00000000001CF000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 337KB - Virtual size: 337KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy