General

  • Target

    2268-146-0x0000000000400000-0x0000000000480000-memory.dmp

  • Size

    512KB

  • MD5

    8539c4bd76b7dcb8e7123df7ae55eda7

  • SHA1

    321e63b5ff7a64a47a9f68c1688af822fb95f135

  • SHA256

    04ab4f9ccfd3d8a24dcf50c181b37bcc4891b83ac9c461351cad43ed51f95a17

  • SHA512

    88b9ef3f98e8827d749fc18e83407042ce9fb96c0d91716dce888328e56bfb18b836e369c7838174391d72ae541cab186f48be0c8b1588774eb251a918343f30

  • SSDEEP

    12288:iX8/Vx65HCnDAByqulR1fZJQGs/Z8IRq:J/Vc5HCnDABMfZJQNZT

Score
10/10

Malware Config

Extracted

Family

remcos

Botnet

RemoteHost

C2

gdyhjjdhbvxgsfe.gotdns.ch:2718

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    true

  • install_flag

    false

  • keylog_crypt

    true

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_path

    %AppData%

  • mouse_option

    false

  • mutex

    Rmc-954DMK

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • startup_value

    Remcos

  • take_screenshot_option

    false

  • take_screenshot_time

    5
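The attribute table above is only useful on a host if it is turned into things an analyst can search for. The following is an added example, not part of the sandbox report and not Remcos code: it copies the extracted values into a dict, derives the network and host artefacts (C2 host and port, dynamic-DNS flag, mutex, expected keylog and screenshot locations) and runs them over a few constructed telemetry lines. The `%AppData%` expansion map, the Sysmon-like `type|value` event shape and the assumption that the keylog file sits directly under `keylog_path` are illustrative choices, not documented Remcos behaviour.

```python
"""Turn a Remcos config extracted by a sandbox into hunt artefacts.

Added example: CONFIG is a constructed copy of the attribute table on this
page; the path layout, the environment map and the EVENTS lines are
assumptions made for illustration, not Remcos internals.
"""
import ntpath
import re

# Constructed from the "Malware Config" table on this page.
CONFIG = {
    "c2": ["gdyhjjdhbvxgsfe.gotdns.ch:2718"],
    "mutex": "Rmc-954DMK",
    "install_flag": False,
    "copy_folder": "Remcos",
    "copy_file": "remcos.exe",
    "startup_value": "Remcos",
    "keylog_flag": False,
    "keylog_path": "%AppData%",
    "keylog_file": "logs.dat",
    "keylog_crypt": True,
    "screenshot_flag": False,
    "screenshot_path": "%AppData%",
    "screenshot_folder": "Screenshots",
    "audio_folder": "MicRecords",
}

# Assumed victim environment; on a real host you would read this from the
# image or the EDR inventory rather than hard-code it.
ENV = {"appdata": r"C:\Users\alice\AppData\Roaming"}

# Dynamic-DNS suffixes frequently used for RAT C2; gotdns.ch is one of them.
DYNDNS_SUFFIXES = ("gotdns.ch", "duckdns.org", "ddns.net", "no-ip.org")


def parse_c2(entry):
    """Split a 'host:port' entry into (host, port).

    Only the first two colon-separated fields are used, so an entry with
    trailing fields still parses.
    """
    parts = entry.split(":")
    return parts[0], int(parts[1])


def expand_win(path, env):
    """Expand %VAR% placeholders from a caller-supplied map (assumption: we are
    not running on the victim, so os.path.expandvars would be wrong)."""
    return re.sub(r"%([^%]+)%",
                  lambda m: env.get(m.group(1).lower(), m.group(0)), path)


def derive_iocs(cfg, env):
    """Build the searchable artefacts implied by the configuration."""
    hosts = [parse_c2(e) for e in cfg["c2"]]
    # Assumption: keylog file is written directly under keylog_path.
    keylog = ntpath.join(expand_win(cfg["keylog_path"], env), cfg["keylog_file"])
    shots = ntpath.join(expand_win(cfg["screenshot_path"], env),
                        cfg["screenshot_folder"])
    return {
        "c2_hosts": hosts,
        "dyndns_c2": [h for h, _ in hosts if h.endswith(DYNDNS_SUFFIXES)],
        "mutex": cfg["mutex"],
        "keylog_file": keylog,
        "screenshot_dir": shots,
        # These flags describe the build's unattended behaviour; an operator
        # can still switch features on interactively, so a missing logs.dat
        # does not prove nothing was captured.
        "enabled": {k: cfg[k] for k in
                    ("install_flag", "keylog_flag", "screenshot_flag")},
    }


# Constructed telemetry in a Sysmon-like "type|value" shape (assumption).
EVENTS = [
    "dns|gdyhjjdhbvxgsfe.gotdns.ch",
    "mutex|Rmc-954DMK",
    r"file|C:\Users\alice\AppData\Roaming\logs.dat",
    "dns|update.microsoft.com",
    r"mutex|Global\SomeOtherMutex",
]


def hunt(events, iocs):
    """Return (category, value) pairs for events matching the derived IoCs."""
    c2_names = {h.lower() for h, _ in iocs["c2_hosts"]}
    hits = []
    for line in events:
        kind, value = line.split("|", 1)
        if kind == "dns" and value.lower() in c2_names:
            hits.append(("c2_dns", value))
        elif kind == "mutex" and value == iocs["mutex"]:
            hits.append(("mutex", value))
        elif kind == "file" and value.lower() == iocs["keylog_file"].lower():
            hits.append(("keylog_file", value))
    return hits


if __name__ == "__main__":
    iocs = derive_iocs(CONFIG, ENV)
    for k, v in iocs.items():
        print(f"{k}: {v}")
    print("hits:", hunt(EVENTS, iocs))
```

The mutex name and the C2 host are the strongest signals here: both are fixed at build time, so they survive repacking of the executable even though the file hashes above will not. The `enabled` summary records that this build has install, keylogging and screenshots switched off, which is worth noting before concluding that a host without `logs.dat` was not affected.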

Signatures

  • Remcos family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 2268-146-0x0000000000400000-0x0000000000480000-memory.dmp
    .exe windows x86
