General
-
Target
4796-163-0x0000000000400000-0x0000000000480000-memory.dmp
-
Size
512KB
-
MD5
d4473ec9b509ff5bf4eceac50e101dad
-
SHA1
1fc6cccb6faf5fe1a3b544eebbd6550c7c4555b6
-
SHA256
dd6d60a538fc007e307c9c4dc0d529d11bb67f010a15ab38c4614dbbe7215342
-
SHA512
251c47d0008dfa2fe78fe69073bd0d31e3396569765eb81484d43031db73ec6fdba92817b4141bce11cf499171915f1821b4a019a771fb35e868157d41e8738d
-
SSDEEP
12288:CX8/Vx65HCnDAByqulR1fZJQGs/Z8iRq:p/Vc5HCnDABMfZJQNZd
Score
10/10
Malware Config
Extracted
Family
remcos
Botnet
RemoteHost
C2
obologs.work.gd:34346
Attributes
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-SI52AW
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
Remcos
-
take_screenshot_option
false
-
take_screenshot_time
5
Signatures
-
Remcos family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
4796-163-0x0000000000400000-0x0000000000480000-memory.dmp
Headers
Sections