General

  • Target

    1616-76-0x0000000000400000-0x0000000000481000-memory.dmp

  • Size

    516KB

  • MD5

    497d221ff72631300760fcb04c98c68d

  • SHA1

    419ef0ab18fc32682a03e533e5b68d02446d3678

  • SHA256

    f4a6c4a2b54bc7e816f8239b396735cf955c140bf9afb5bd14209c9bd677f108

  • SHA512

    f075f727a1e4983211f943f322bc32d01e8d48926da07af82a6164c6f5565ff258eadd82dd9b0faaedab82ff7e055b798c7dade7085f4c9845de0b852a87853c

  • SSDEEP

    12288:hRXxReZj3WZfj/2eSseWFaIe2+f8CL47bs/Zf2:hx7cyF2eSsewS8W47eZO

Score
10/10

Malware Config

Extracted

Family

remcos

Botnet

Crypted

C2

45.12.253.190:35789

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    true

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_path

    %AppData%

  • mouse_option

    false

  • mutex

    Rmc-9GPKR0

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • startup_value

    

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Signatures

  • Remcos family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 1616-76-0x0000000000400000-0x0000000000481000-memory.dmp
    .exe windows x86
