General

  • Target

    4832-162-0x0000000002440000-0x00000000024BF000-memory.dmp

  • Size

    508KB

  • MD5

    9cd3b6dc4605f5f7c8ca99d403bd9acc

  • SHA1

    108aa17617f679eba16cec4a219bc433bf58601e

  • SHA256

    f2371c59b9ec9a7e026c43578e6fd2958a1f7d0af4fc57439061c909e374892b

  • SHA512

    3975c339eb0f0bd5fea6b92de2c55dedca656f9f4ae95e15b5d833d6f22230466d0a8bbc1ffbb9ec000bd35fb59a5d84bf480d9af647bf970846d57cc4019949

  • SSDEEP

    6144:+xnexg5MReq2hfy7h4YVlDIIoJdYJFApHECiYsAOZZLVX9cS04:+xesyeqg6N4YjIIoTYgvsfZLC4

Malware Config

Extracted

  • Family

    remcos

  • Botnet

    CASSANDRA-CRYPTER

  • C2

    www.supremeswitchgear.com:2404

Attributes

  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    rcm

  • mouse_option

    false

  • mutex

    Rmc-XUTYB1

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • startup_value

    Remcos

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Files

  • 4832-162-0x0000000002440000-0x00000000024BF000-memory.dmp
    .exe windows x86