lucastealer | 52b49593cbcc54f429acc71458e2c0b1a1a120ba97566ca212a5890bb6f57f60

Analysis

max time kernel
503s
max time network
507s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
17-03-2023 20:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Remcos-RAT-2022-main.zip
Size

6.2MB
MD5

0f9f51e0ead01237835ff0b282f4a64d
SHA1

e8b17f04903a949e62829e170e304197f0a7aa4c
SHA256

52b49593cbcc54f429acc71458e2c0b1a1a120ba97566ca212a5890bb6f57f60
SHA512

432468d81970396d68f76b43118d8eafc89a7065eccb1f5353de214ec98987938e7cdf8d8a8940e2d19f68825a78f0f20af02d7da708dd4d7f2c6a6ed29a5ba8
SSDEEP

196608:k3uWGcLxB07EwdVWexixm0dSIl9LtEF1XrZPXIX8u6p:PRZdV2cmSacF1NPX0x+

Score

10^/10

lucastealer spyware stealer upx

Malware Config

Signatures

Luca Stealer
Info stealer written in Rust first seen in July 2022.
stealer lucastealer

Luca Stealer payload 4 IoCs

Processes:

resource	yara_rule
behavioral1/memory/4384-168-0x00007FF7F7570000-0x00007FF7F8EB4000-memory.dmp	family_lucastealer
behavioral1/memory/848-205-0x00007FF7F7570000-0x00007FF7F8EB4000-memory.dmp	family_lucastealer
behavioral1/memory/4196-207-0x00007FF7F7570000-0x00007FF7F8EB4000-memory.dmp	family_lucastealer
behavioral1/memory/4196-279-0x00007FF7F7570000-0x00007FF7F8EB4000-memory.dmp	family_lucastealer

Executes dropped EXE 3 IoCs

Processes:

Remcos Professional.exeRemcos Professional.exeRemcos Professional.exe

pid process

4384 Remcos Professional.exe
848 Remcos Professional.exe
4196 Remcos Professional.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

UPX packed file 10 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\Desktop\Remcos-RAT-2022-main\Remcos Professional.exe	upx
C:\Users\Admin\Desktop\Remcos-RAT-2022-main\Remcos Professional.exe	upx
behavioral1/memory/4384-143-0x00007FF7F7570000-0x00007FF7F8EB4000-memory.dmp	upx
behavioral1/memory/4384-168-0x00007FF7F7570000-0x00007FF7F8EB4000-memory.dmp	upx
C:\Users\Admin\Desktop\Remcos-RAT-2022-main\Remcos Professional.exe	upx
behavioral1/memory/848-170-0x00007FF7F7570000-0x00007FF7F8EB4000-memory.dmp	upx
behavioral1/memory/848-205-0x00007FF7F7570000-0x00007FF7F8EB4000-memory.dmp	upx
C:\Users\Admin\Desktop\Remcos-RAT-2022-main\Remcos Professional.exe	upx
behavioral1/memory/4196-207-0x00007FF7F7570000-0x00007FF7F8EB4000-memory.dmp	upx
behavioral1/memory/4196-279-0x00007FF7F7570000-0x00007FF7F8EB4000-memory.dmp	upx

Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

49 ip-api.com

flow	ioc
49	ip-api.com

Suspicious behavior: EnumeratesProcesses 18 IoCs

Processes:

Remcos Professional.exeRemcos Professional.exeRemcos Professional.exe

pid	process
4384	Remcos Professional.exe
4384	Remcos Professional.exe
4384	Remcos Professional.exe
4384	Remcos Professional.exe
4384	Remcos Professional.exe
4384	Remcos Professional.exe
848	Remcos Professional.exe
848	Remcos Professional.exe
848	Remcos Professional.exe
848	Remcos Professional.exe
848	Remcos Professional.exe
848	Remcos Professional.exe
4196	Remcos Professional.exe
4196	Remcos Professional.exe
4196	Remcos Professional.exe
4196	Remcos Professional.exe
4196	Remcos Professional.exe
4196	Remcos Professional.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

Processes:

7zG.exesvchost.exe

description	pid	process
Token: SeRestorePrivilege	2980	7zG.exe
Token: 35	2980	7zG.exe
Token: SeSecurityPrivilege	2980	7zG.exe
Token: SeSecurityPrivilege	2980	7zG.exe
Token: SeManageVolumePrivilege	1540	svchost.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

7zG.exe

pid process

2980 7zG.exe

pid	process
2980	7zG.exe

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Remcos-RAT-2022-main.zip
1⤵
PID:2368

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1504

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\Remcos-RAT-2022-main\" -spe -an -ai#7zMap10704:98:7zEvent22668
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2980

C:\Users\Admin\Desktop\Remcos-RAT-2022-main\Remcos Professional.exe
"C:\Users\Admin\Desktop\Remcos-RAT-2022-main\Remcos Professional.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4384

C:\Users\Admin\Desktop\Remcos-RAT-2022-main\Remcos Professional.exe
"C:\Users\Admin\Desktop\Remcos-RAT-2022-main\Remcos Professional.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:848

C:\Users\Admin\Desktop\Remcos-RAT-2022-main\Remcos Professional.exe
"C:\Users\Admin\Desktop\Remcos-RAT-2022-main\Remcos Professional.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4196

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1540

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Remcos-RAT-2022-main\BuilderProfiles\DefaultProfile.ini
1⤵
PID:1920

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Remcos-RAT-2022-main\BuilderProfiles\DefaultProfile.ini
1⤵
PID:2148

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Remcos-RAT-2022-main\Remcos_Settings.ini
1⤵
PID:4700

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Credentials in Files

T1081

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Google_cookies

Filesize
20KB

MD5
c9ff7748d8fcef4cf84a5501e996a641

SHA1
02867e5010f62f97ebb0cfb32cb3ede9449fe0c9

SHA256
4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988

SHA512
d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73

Download Submit
C:\Users\Admin\AppData\Local\Temp\Google_cookies

Filesize
20KB

MD5
c9ff7748d8fcef4cf84a5501e996a641

SHA1
02867e5010f62f97ebb0cfb32cb3ede9449fe0c9

SHA256
4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988

SHA512
d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73

Download Submit
C:\Users\Admin\AppData\Local\Temp\Google_cookies

Filesize
20KB

MD5
c9ff7748d8fcef4cf84a5501e996a641

SHA1
02867e5010f62f97ebb0cfb32cb3ede9449fe0c9

SHA256
4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988

SHA512
d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73

Download Submit
C:\Users\Admin\AppData\Local\Temp\Google_login_data

Filesize
46KB

MD5
02d2c46697e3714e49f46b680b9a6b83

SHA1
84f98b56d49f01e9b6b76a4e21accf64fd319140

SHA256
522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9

SHA512
60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Google_login_data

Filesize
46KB

MD5
02d2c46697e3714e49f46b680b9a6b83

SHA1
84f98b56d49f01e9b6b76a4e21accf64fd319140

SHA256
522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9

SHA512
60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Google_login_data

Filesize
46KB

MD5
02d2c46697e3714e49f46b680b9a6b83

SHA1
84f98b56d49f01e9b6b76a4e21accf64fd319140

SHA256
522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9

SHA512
60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Google_webdata

Filesize
92KB

MD5
c9f27e93d4d2fb6dc5d4d1d2f7d529db

SHA1
cc44dd47cabe4d2ebba14361f8b5254064d365d3

SHA256
d724f78d92cc963b4a06a12a310c0f5411b1ce42361dcfc498a5759efe9fdd7c

SHA512
f7cc478278a5725e18ac8c7ff715fd88798b4562412d354925711c25353277ff2044d3c4a314d76f987006941b35cdde43deb9df4397b37689f67cb8fe541472

Download Submit
C:\Users\Admin\AppData\Local\Temp\Google_webdata

Filesize
92KB

MD5
c9f27e93d4d2fb6dc5d4d1d2f7d529db

SHA1
cc44dd47cabe4d2ebba14361f8b5254064d365d3

SHA256
d724f78d92cc963b4a06a12a310c0f5411b1ce42361dcfc498a5759efe9fdd7c

SHA512
f7cc478278a5725e18ac8c7ff715fd88798b4562412d354925711c25353277ff2044d3c4a314d76f987006941b35cdde43deb9df4397b37689f67cb8fe541472

Download Submit
C:\Users\Admin\AppData\Local\Temp\Google_webdata

Filesize
92KB

MD5
c9f27e93d4d2fb6dc5d4d1d2f7d529db

SHA1
cc44dd47cabe4d2ebba14361f8b5254064d365d3

SHA256
d724f78d92cc963b4a06a12a310c0f5411b1ce42361dcfc498a5759efe9fdd7c

SHA512
f7cc478278a5725e18ac8c7ff715fd88798b4562412d354925711c25353277ff2044d3c4a314d76f987006941b35cdde43deb9df4397b37689f67cb8fe541472

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_login_data

Filesize
48KB

MD5
349e6eb110e34a08924d92f6b334801d

SHA1
bdfb289daff51890cc71697b6322aa4b35ec9169

SHA256
c9fd7be4579e4aa942e8c2b44ab10115fa6c2fe6afd0c584865413d9d53f3b2a

SHA512
2a635b815a5e117ea181ee79305ee1baf591459427acc5210d8c6c7e447be3513ead871c605eb3d32e4ab4111b2a335f26520d0ef8c1245a4af44e1faec44574

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_login_data

Filesize
48KB

MD5
349e6eb110e34a08924d92f6b334801d

SHA1
bdfb289daff51890cc71697b6322aa4b35ec9169

SHA256
c9fd7be4579e4aa942e8c2b44ab10115fa6c2fe6afd0c584865413d9d53f3b2a

SHA512
2a635b815a5e117ea181ee79305ee1baf591459427acc5210d8c6c7e447be3513ead871c605eb3d32e4ab4111b2a335f26520d0ef8c1245a4af44e1faec44574

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_login_data

Filesize
48KB

MD5
349e6eb110e34a08924d92f6b334801d

SHA1
bdfb289daff51890cc71697b6322aa4b35ec9169

SHA256
c9fd7be4579e4aa942e8c2b44ab10115fa6c2fe6afd0c584865413d9d53f3b2a

SHA512
2a635b815a5e117ea181ee79305ee1baf591459427acc5210d8c6c7e447be3513ead871c605eb3d32e4ab4111b2a335f26520d0ef8c1245a4af44e1faec44574

Download Submit
C:\Users\Admin\AppData\Local\Temp\out.zip

Filesize
388B

MD5
e24ad0051bb4ecb0b6becb3ea8f9282e

SHA1
be26fcf56860fd6f5b8f17aa5248198dc41f02e2

SHA256
5dd0809f984c826b093265df4c8ec4d0e5f239c133feee6c8e34dce778dc99af

SHA512
0572393e456c6a8614f2843f7c288cb84be4f3fe4c700705ab2368ebc7191147abb4537d5ea8eba499d0ac89b188d13b81eac3f8d27f706ec621f0eb7212fb95

Download Submit
C:\Users\Admin\AppData\Local\Temp\out.zip

Filesize
388B

MD5
c9141ff28f205aea6e1426bb69fe08a3

SHA1
9d37a3d0940405f3a0cb8c1d040fc0958c68db1c

SHA256
e4851a85184aa6d5fde0ea04e0349e56cf025f862dedf3f3472bcef78d32c853

SHA512
9d7800921d5f65789ae7d562a8d6448fa713384020a6a0d26fc2653018b563e625b29845e600bab0c19e020ebbcabc67d02b2d7c88a7b805acdb86020b5bc6c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\sensfiles.zip

Filesize
3.5MB

MD5
f5e23472493ea0c456e57cb6229354dc

SHA1
093b2a178cd37af1c82646fb088394dbade534b8

SHA256
2f2c0f59cba7ee7bbe9f876a2e80909aea8453342e0d51ea8b7adf620c97ec7d

SHA512
050470205dca05112117e1b2a8f268409bc3c797eeae70840c525718d4308488ccab724fcfa53685efbd36707f040b0a1e2a38c4d9b2cc7e262a8fc8afa50863

Download Submit
C:\Users\Admin\AppData\Local\Temp\sensfiles.zip

Filesize
3.5MB

MD5
b1c03e3e6b1c651b0024fc415be95efc

SHA1
963f783d0a5b1b0f6fce31ac3c94373089ee7af9

SHA256
b8ab0322f959b7d3b62a809b4405742fdb9251751410684b31e88cb7b25390c5

SHA512
60f2ff5c81ec184f42d12fd1cb87ad7eea7155f74fd1c67235672946fa4fa1b3d76a408469b7fb93940960fa02f4ae8d85c8c585d3528e1c5ba116e05782bf87

Download Submit
C:\Users\Admin\AppData\Local\logscx\info.txt

Filesize
320B

MD5
dd0334bdbab496068b7f71e2db4dc774

SHA1
f73daea84a7de95641b72d4734cfb785e1e18557

SHA256
e2b422bc3a1cfe1c6954fbafa7967d62046e7d24d12e0fea4d3046f2a1af2f6b

SHA512
0419caf9c77913751971413c70d61a3352715737f030ec686de0438ce66fc21f51dc82f7703b759b1c2f0b73b1be0f92a60525de310371081cf57fc2f6dbb577

Download Submit
C:\Users\Admin\AppData\Local\logscx\info.txt

Filesize
320B

MD5
dd0334bdbab496068b7f71e2db4dc774

SHA1
f73daea84a7de95641b72d4734cfb785e1e18557

SHA256
e2b422bc3a1cfe1c6954fbafa7967d62046e7d24d12e0fea4d3046f2a1af2f6b

SHA512
0419caf9c77913751971413c70d61a3352715737f030ec686de0438ce66fc21f51dc82f7703b759b1c2f0b73b1be0f92a60525de310371081cf57fc2f6dbb577

Download Submit
C:\Users\Admin\AppData\Local\logscx\info.txt

Filesize
320B

MD5
dd0334bdbab496068b7f71e2db4dc774

SHA1
f73daea84a7de95641b72d4734cfb785e1e18557

SHA256
e2b422bc3a1cfe1c6954fbafa7967d62046e7d24d12e0fea4d3046f2a1af2f6b

SHA512
0419caf9c77913751971413c70d61a3352715737f030ec686de0438ce66fc21f51dc82f7703b759b1c2f0b73b1be0f92a60525de310371081cf57fc2f6dbb577

Download Submit
C:\Users\Admin\AppData\Local\logscx\screen-1.png

Filesize
80KB

MD5
351d77a9eded9d0f72197acf0729f309

SHA1
c98582e490ab3f2015b9d7f867921e539b00b090

SHA256
5a0a75b257e59119ae5c5719b80834336e29493ae57f8ecab7b6d7e6d83e61e7

SHA512
0be18097d5bdc28ce6cfae45cec5117040a9d47bda0270d69b13757cf3557493f6d06292611748fbd8dd293f7b67a37e6bdc0199e1aacc2abbcd4912218c2695

Download Submit
C:\Users\Admin\AppData\Local\logscx\screen-1.png

Filesize
80KB

MD5
351d77a9eded9d0f72197acf0729f309

SHA1
c98582e490ab3f2015b9d7f867921e539b00b090

SHA256
5a0a75b257e59119ae5c5719b80834336e29493ae57f8ecab7b6d7e6d83e61e7

SHA512
0be18097d5bdc28ce6cfae45cec5117040a9d47bda0270d69b13757cf3557493f6d06292611748fbd8dd293f7b67a37e6bdc0199e1aacc2abbcd4912218c2695

Download Submit
C:\Users\Admin\AppData\Local\logscx\screen-1.png

Filesize
80KB

MD5
351d77a9eded9d0f72197acf0729f309

SHA1
c98582e490ab3f2015b9d7f867921e539b00b090

SHA256
5a0a75b257e59119ae5c5719b80834336e29493ae57f8ecab7b6d7e6d83e61e7

SHA512
0be18097d5bdc28ce6cfae45cec5117040a9d47bda0270d69b13757cf3557493f6d06292611748fbd8dd293f7b67a37e6bdc0199e1aacc2abbcd4912218c2695

Download Submit
C:\Users\Admin\AppData\Local\logscx\sensfiles.zip

Filesize
3.5MB

MD5
46c64c9534aa6740d4187778846a3bfe

SHA1
6ccd26bc92bb1abc630effeb61e3bdc1c7c30a7d

SHA256
d57582f6ef9e95814e119eb3e8de016a3114ceae6df555124c4c6d8872eb98a8

SHA512
1725daf97a268d989d07eb96d3ce528f3a609c13221db553a45d5ee53d2510ab8c4b92bcde1ee0de25f8604fea912af38a39fe12e66287b0258163a1a1cb919a

Download Submit
C:\Users\Admin\AppData\Local\logscx\sensfiles.zip

Filesize
3.5MB

MD5
f5e23472493ea0c456e57cb6229354dc

SHA1
093b2a178cd37af1c82646fb088394dbade534b8

SHA256
2f2c0f59cba7ee7bbe9f876a2e80909aea8453342e0d51ea8b7adf620c97ec7d

SHA512
050470205dca05112117e1b2a8f268409bc3c797eeae70840c525718d4308488ccab724fcfa53685efbd36707f040b0a1e2a38c4d9b2cc7e262a8fc8afa50863

Download Submit
C:\Users\Admin\AppData\Local\logscx\sensfiles.zip

Filesize
3.5MB

MD5
f5e23472493ea0c456e57cb6229354dc

SHA1
093b2a178cd37af1c82646fb088394dbade534b8

SHA256
2f2c0f59cba7ee7bbe9f876a2e80909aea8453342e0d51ea8b7adf620c97ec7d

SHA512
050470205dca05112117e1b2a8f268409bc3c797eeae70840c525718d4308488ccab724fcfa53685efbd36707f040b0a1e2a38c4d9b2cc7e262a8fc8afa50863

Download Submit
C:\Users\Admin\AppData\Local\logscx\sensfiles.zip

Filesize
3.5MB

MD5
b1c03e3e6b1c651b0024fc415be95efc

SHA1
963f783d0a5b1b0f6fce31ac3c94373089ee7af9

SHA256
b8ab0322f959b7d3b62a809b4405742fdb9251751410684b31e88cb7b25390c5

SHA512
60f2ff5c81ec184f42d12fd1cb87ad7eea7155f74fd1c67235672946fa4fa1b3d76a408469b7fb93940960fa02f4ae8d85c8c585d3528e1c5ba116e05782bf87

Download Submit
C:\Users\Admin\AppData\Local\logscx\sensfiles.zip

Filesize
3.5MB

MD5
b1c03e3e6b1c651b0024fc415be95efc

SHA1
963f783d0a5b1b0f6fce31ac3c94373089ee7af9

SHA256
b8ab0322f959b7d3b62a809b4405742fdb9251751410684b31e88cb7b25390c5

SHA512
60f2ff5c81ec184f42d12fd1cb87ad7eea7155f74fd1c67235672946fa4fa1b3d76a408469b7fb93940960fa02f4ae8d85c8c585d3528e1c5ba116e05782bf87

Download Submit
C:\Users\Admin\AppData\Local\logscx\system_info.txt

Filesize
1KB

MD5
515ed7d6ef42665d97490100e174bfcf

SHA1
a474fab72da76fa1e6a24a95409c078fab1bd8b0

SHA256
c2f6af52b466e34636e0782728eaf01e4f77937289bf072415596ff08302397c

SHA512
0d241179f16d1ff73f8a49e3bb33b498aaa66d0e2c1f9d32e3a7b356a3b5e294ab8ae3fbbbbcf5aa1181d0c97fe625e7b55741fa1b38b05a321f3c8c4d89977b

Download Submit
C:\Users\Admin\AppData\Local\logscx\system_info.txt

Filesize
1KB

MD5
43985095163b684c3fa74d590becbc78

SHA1
2489b2e32ad40bd433b8848842066650c57456a7

SHA256
cab248dccc25982b14c8489c2aaabc7005e8a945b017b8b8c5befcc2a17f2685

SHA512
033d7d35014c8e5579cfe22f01127ad53a31e17536662875196e2c21320e347832fe0ff203aad30d76fb15d88663d2f1b9d1c9da7c2923e236df25e71758b282

Download Submit
C:\Users\Admin\Desktop\Remcos-RAT-2022-main\BuilderProfiles\DefaultProfile.ini

Filesize
431B

MD5
70cf32c1cda028515c3fb0801d3fc2ce

SHA1
6ed08ecce9c55aeb9acaff6b52356e2ce4047d5d

SHA256
87dc653fa7b6331ab8358a6b7490e9cf4d2cb036f706a92cdf1060ad2c8defa1

SHA512
656d145347dd8ec219e2c618a605b44fe79592123e2a912106bc9603717e36e1277e950a8339668bbcde1992e887e9be0c473f62fe991e1c49e2a8ef679ac79c

Download Submit
C:\Users\Admin\Desktop\Remcos-RAT-2022-main\Remcos Professional.exe

Filesize
6.5MB

MD5
1ecae7b88236fff686604c40f2ec8ef0

SHA1
5338d387c764b7da0a097e4dd38c17c603e62b08

SHA256
95a3f82e8e77aeb491d7faaf17c4f206763ff7eb08b8696e28ad109b67b984cf

SHA512
6a396bf98181250a2a386c2ee4dbcd8a4be6e23de029d614296e6f33a66b6f6049b487ef07d70936812c31f6cce7bb1b709361b749e0b1ad3507382b26c00a5c

Download Submit
C:\Users\Admin\Desktop\Remcos-RAT-2022-main\Remcos Professional.exe

Filesize
6.5MB

MD5
1ecae7b88236fff686604c40f2ec8ef0

SHA1
5338d387c764b7da0a097e4dd38c17c603e62b08

SHA256
95a3f82e8e77aeb491d7faaf17c4f206763ff7eb08b8696e28ad109b67b984cf

SHA512
6a396bf98181250a2a386c2ee4dbcd8a4be6e23de029d614296e6f33a66b6f6049b487ef07d70936812c31f6cce7bb1b709361b749e0b1ad3507382b26c00a5c

Download Submit
C:\Users\Admin\Desktop\Remcos-RAT-2022-main\Remcos Professional.exe

Filesize
6.5MB

MD5
1ecae7b88236fff686604c40f2ec8ef0

SHA1
5338d387c764b7da0a097e4dd38c17c603e62b08

SHA256
95a3f82e8e77aeb491d7faaf17c4f206763ff7eb08b8696e28ad109b67b984cf

SHA512
6a396bf98181250a2a386c2ee4dbcd8a4be6e23de029d614296e6f33a66b6f6049b487ef07d70936812c31f6cce7bb1b709361b749e0b1ad3507382b26c00a5c

Download Submit
C:\Users\Admin\Desktop\Remcos-RAT-2022-main\Remcos Professional.exe

Filesize
6.5MB

MD5
1ecae7b88236fff686604c40f2ec8ef0

SHA1
5338d387c764b7da0a097e4dd38c17c603e62b08

SHA256
95a3f82e8e77aeb491d7faaf17c4f206763ff7eb08b8696e28ad109b67b984cf

SHA512
6a396bf98181250a2a386c2ee4dbcd8a4be6e23de029d614296e6f33a66b6f6049b487ef07d70936812c31f6cce7bb1b709361b749e0b1ad3507382b26c00a5c

Download Submit
C:\Users\Admin\Desktop\Remcos-RAT-2022-main\Remcos_Settings.ini

Filesize
881B

MD5
a3468935e33e361cf94f4721ed4cb66d

SHA1
c3b19ca8382534b2179940cabede8c6c952a9c06

SHA256
b374af58c24b6085f64f979dab434643da39d0267a27975f396473327dc98c7d

SHA512
c1caa0b9637a46187d54b2952db204182fad5a5324574949ce4db13bdb17624ccd8b3228eb9b2bcfe5851add2c5d2f586945e7264b1d1cd02d91acf1fd81583a

Download Submit
memory/848-205-0x00007FF7F7570000-0x00007FF7F8EB4000-memory.dmp

Filesize
25.3MB

Download
memory/848-170-0x00007FF7F7570000-0x00007FF7F8EB4000-memory.dmp

Filesize
25.3MB

Download
memory/1540-254-0x0000025A6D990000-0x0000025A6D9A0000-memory.dmp

Filesize
64KB

Download
memory/1540-238-0x0000025A6D890000-0x0000025A6D8A0000-memory.dmp

Filesize
64KB

Download
memory/1540-274-0x0000025A75D00000-0x0000025A75D01000-memory.dmp

Filesize
4KB

Download
memory/1540-276-0x0000025A75D30000-0x0000025A75D31000-memory.dmp

Filesize
4KB

Download
memory/1540-277-0x0000025A75D30000-0x0000025A75D31000-memory.dmp

Filesize
4KB

Download
memory/1540-278-0x0000025A75E40000-0x0000025A75E41000-memory.dmp

Filesize
4KB

Download
memory/4196-207-0x00007FF7F7570000-0x00007FF7F8EB4000-memory.dmp

Filesize
25.3MB

Download
memory/4196-279-0x00007FF7F7570000-0x00007FF7F8EB4000-memory.dmp

Filesize
25.3MB

Download
memory/4384-143-0x00007FF7F7570000-0x00007FF7F8EB4000-memory.dmp

Filesize
25.3MB

Download
memory/4384-168-0x00007FF7F7570000-0x00007FF7F8EB4000-memory.dmp

Filesize
25.3MB

Download