General

  • Target

    1352-138-0x0000000000400000-0x000000000047F000-memory.dmp

  • Size

    508KB

  • MD5

    af8f425f86140ef55a08fd555bb1e267

  • SHA1

    ac84695622ec546dcbf7a27d6e65bac9079e249a

  • SHA256

    b7710ea62b04fb90034d99dd5d27919a80d3d89213891c64f2266014c3a340bb

  • SHA512

    d049908f90e7423e63fe6afd034ba0c63088c0c8ca3c4dd00872ac4fd0a4dff05f4e46d5f93dff7f3ba2431468c08f2e5937c7dc895b8d5afb30aa9172419c4c

  • SSDEEP

    12288:jtmox/Sl5vkKtAXjsoZ8wHonsfZgd64x:RmW6l5vkKtAD8wIKZa

Score
10/10

Malware Config

Extracted

Family

remcos

Botnet

Awele-Host

C2

gdyhjjdhbvxgsfe.gotdns.ch:2718

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    qos.exe

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    true

  • install_flag

    true

  • install_path

    %AppData%

  • keylog_crypt

    true

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_path

    %AppData%

  • mouse_option

    false

  • mutex

    Rmc-VC3F2C

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • startup_value

    Jm

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Files

  • 1352-138-0x0000000000400000-0x000000000047F000-memory.dmp
    .exe windows x86