General

  • Target: 2020-64-0x0000000000400000-0x0000000000480000-memory.dmp
  • Size: 512KB
  • MD5: 59e3c9978d300ed27afb80b2ffd9ed04
  • SHA1: 9106f9bf5ed3df9fbeda2dcf9149a284558b957e
  • SHA256: f9d5b3567045a979512f89d9bbd6cd9d4a127c081590cc6cdae0b8cbf7a30215
  • SHA512: 073954cb45f97fb8ca3921461b1eed3b4ebc2ac2fee51bff2471439af6cd1548ef330b36d632d67802468d45aff6867203f4c96787f5dd995d1dc9d34d9ca801
  • SSDEEP: 6144:+XVUvr+eNVx6JuGD5To83sRnymABKtqulRwOJfZJEfcZdC48hAiWsAOZZ8RX7mck:+X8/Vx65HCnDAByqulR1fZJQGs/Z8

Score
10/10

Malware Config

Extracted

  • Family: remcos
  • Botnet: RemoteHost
  • C2: 139.28.39.161:2408

Attributes

  • audio_folder: MicRecords
  • audio_record_time: 5
  • connect_delay: 0
  • connect_interval: 1
  • copy_file: remcos.exe
  • copy_folder: Remcos
  • delete_file: false
  • hide_file: false
  • hide_keylog_file: false
  • install_flag: false
  • keylog_crypt: false
  • keylog_file: logs.dat
  • keylog_flag: false
  • keylog_folder: remcos
  • mouse_option: false
  • mutex: Rmc-CM5LAE
  • screenshot_crypt: false
  • screenshot_flag: false
  • screenshot_folder: Screenshots
  • screenshot_path: %AppData%
  • screenshot_time: 10
  • startup_value: Remcos
  • take_screenshot_option: false
  • take_screenshot_time: 5

Signatures

  • Remcos family
  • Unsigned PE (1 IoC): checks for a missing Authenticode signature.

Files

  • 2020-64-0x0000000000400000-0x0000000000480000-memory.dmp (.exe, windows, x86)