General

  • Target

    2320-54-0x0000000000400000-0x0000000000488000-memory.dmp

  • Size

    544KB

  • MD5

    717836f4b07e84c062882a3a7095af07

  • SHA1

    031bf29f89f7473e7826d29b59af7388b03b7f41

  • SHA256

    9d82e8b10ce2c361242e7d6511a9196fc7350d0494cac29d2c67e32ccbf0e291

  • SHA512

    8d4eb224bf48ed20eae451950d6799bec818c981a776fe353d281e176f7fae593f07928e6f730ae693a79af4d59664de6d3a4af2786a924bcd009e47d2776569

  • SSDEEP

    6144:kjH9dY1fKmXbwxqbQWmudPOqwiXO3X2yjKCrp/5ttAAMS6NTUsAOZZgQXykj:kjdAK8wxqkXuxOqLXO3X2orpbTs/Zg

Score
10/10

Malware Config

Extracted

Family

remcos

Botnet

CLOUD9

C2

tolatilbu.hopto.org:4848

rnnfibiteammony.duckdns.org:4848

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    -6GGXHW

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • startup_value

    Remcos

  • take_screenshot_option

    false

  • take_screenshot_time

    5

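The attribute list above is the whole runtime behaviour of this build: the C2 endpoints and the mutex are always live, while copy_file, keylog_file, startup_value and the screenshot folder only materialise when their flag (install_flag, keylog_flag, screenshot_flag) is set, and here every one of them is false. The following Python is an added example, not output of the sandbox or of the Remcos tooling: it copies the extracted values into a dict, derives only the indicators this configuration will actually produce, and runs them over a handful of constructed DNS/connection log lines (the log format is invented for the demo).

```python
"""Derive live IOCs from the extracted Remcos config and hunt for them in logs."""
import re

# Values copied from the extracted configuration shown above.
REMCOS_CONFIG = {
    "c2": ["tolatilbu.hopto.org:4848", "rnnfibiteammony.duckdns.org:4848"],
    "mutex": "-6GGXHW",
    "install_flag": False,
    "copy_folder": "Remcos",
    "copy_file": "remcos.exe",
    "keylog_flag": False,
    "keylog_folder": "remcos",
    "keylog_file": "logs.dat",
    "screenshot_flag": False,
    "screenshot_path": "%AppData%",
    "screenshot_folder": "Screenshots",
}

# Dynamic-DNS providers used by this sample's C2 list (both appear on the page).
DYNDNS_SUFFIXES = ("hopto.org", "duckdns.org")


def active_iocs(cfg):
    """Indicators this configuration will really produce at runtime.

    C2 endpoints and the mutex are live regardless of flags; the on-disk
    artifacts exist only when the matching feature flag is enabled, so a
    hunt keyed on remcos.exe or logs.dat would miss this particular build.
    """
    hosts, ports = [], set()
    for endpoint in cfg["c2"]:
        host, _, port = endpoint.rpartition(":")
        hosts.append(host.lower())
        ports.add(int(port))
    files = []
    if cfg["install_flag"]:
        files.append(cfg["copy_folder"] + "\\" + cfg["copy_file"])
    if cfg["keylog_flag"]:
        files.append(cfg["keylog_folder"] + "\\" + cfg["keylog_file"])
    if cfg["screenshot_flag"]:
        files.append(cfg["screenshot_path"] + "\\" + cfg["screenshot_folder"])
    return {"hosts": hosts, "ports": ports, "mutex": cfg["mutex"], "files": files}


# Constructed log format for the demo: "<timestamp> <client> <event> <dst>[:<port>]".
LOG_RE = re.compile(r"^(\S+) (\S+) (dns|connect) ([^\s:]+)(?::(\d+))?$")


def match_log(lines, iocs):
    """Return (client, destination, verdict) for every line touching the IOCs.

    'c2' means an exact C2 hostname from the config. 'dyndns-port' means a
    different dynamic-DNS name on a configured C2 port: weaker, but Remcos
    operators rotate names on the same provider, so it is worth a look.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        _, client, _, dst, port = m.groups()
        dst = dst.lower()
        if dst in iocs["hosts"]:
            hits.append((client, dst, "c2"))
        elif port and int(port) in iocs["ports"] and dst.endswith(DYNDNS_SUFFIXES):
            hits.append((client, dst, "dyndns-port"))
    return hits


# Constructed sample log lines; not taken from the report.
SAMPLE_LOG = [
    "2024-05-01T09:00:01Z 10.0.0.12 dns tolatilbu.hopto.org",
    "2024-05-01T09:00:02Z 10.0.0.12 connect tolatilbu.hopto.org:4848",
    "2024-05-01T09:00:03Z 10.0.0.12 connect RNNFIBITEAMMONY.duckdns.org:4848",
    "2024-05-01T09:00:04Z 10.0.0.31 connect other-host.duckdns.org:4848",
    "2024-05-01T09:00:05Z 10.0.0.31 connect www.example.com:443",
]

if __name__ == "__main__":
    live = active_iocs(REMCOS_CONFIG)
    print("live IOCs:", live)
    for hit in match_log(SAMPLE_LOG, live):
        print(*hit)
```

With the flags as extracted, `active_iocs` returns an empty file list; flip install_flag to true and the Remcos\remcos.exe path appears, which is the check to make before pushing file-name rules for a given config.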
Signatures

  • Remcos family
  • UPX packed file (1 IoC)

    Detects executables packed with the UPX open-source packer or a modified UPX build.

  • Unsigned PE (1 IoC)

    Checks for a missing Authenticode signature.

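Both signatures are static header checks that can be reproduced without a sandbox. The Python below is an added example, not the sandbox's own signature logic: it parses the DOS, COFF and optional headers with `struct`, flags UPX either by the UPX0/UPX1 section names or by the `UPX!` marker the packer leaves in the stub (which survives when a modified UPX renames the sections), and reports a missing signature when the Security data directory (index 4) is empty. The minimal PE images it checks are constructed in the block for the demo. On a memory dump like the one above, note that the section names still read UPX0/UPX1 after the stub has unpacked in place, so the UPX flag says the original was packed, not that the dump is still compressed; and an empty Security directory can be read from the dumped header, but the certificate itself is a file overlay that is never mapped, so no signature can actually be verified from a dump.

```python
"""Static PE checks: UPX packing and missing Authenticode signature."""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # index of the certificate table


def parse_pe(data):
    """Return machine, magic, section names and data directories of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:        # PE32: NumberOfRvaAndSizes at +92, directories at +96
        ndirs_off, dirs_off = 92, 96
    elif magic == 0x20B:      # PE32+: NumberOfRvaAndSizes at +108, directories at +112
        ndirs_off, dirs_off = 108, 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    ndirs = struct.unpack_from("<I", data, opt + ndirs_off)[0]
    dirs = [struct.unpack_from("<II", data, opt + dirs_off + 8 * i) for i in range(ndirs)]
    sec = opt + opt_size      # section table follows the optional header
    names = []
    for i in range(nsections):
        raw = data[sec + 40 * i: sec + 40 * i + 8]
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return {"machine": machine, "magic": magic, "sections": names, "dirs": dirs}


def is_upx_packed(data, pe):
    """UPX0/UPX1 section names, or the 'UPX!' stub marker if sections were renamed."""
    by_name = any(name.startswith("UPX") for name in pe["sections"])
    return by_name or b"UPX!" in data


def is_unsigned(pe):
    """True when the Security data directory is absent or has no size."""
    dirs = pe["dirs"]
    if len(dirs) <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return True
    offset, size = dirs[IMAGE_DIRECTORY_ENTRY_SECURITY]
    return offset == 0 or size == 0


def triage(data):
    pe = parse_pe(data)
    return {"sections": pe["sections"],
            "upx": is_upx_packed(data, pe),
            "unsigned": is_unsigned(pe)}


def build_min_pe(section_names, security=(0, 0), tail=b""):
    """Construct a minimal x86 PE32 header for the demo (not a loadable binary)."""
    opt_size = 224                       # PE32 optional header with 16 directories
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                    # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                      # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, *security)
    secs = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + bytes(opt) + secs + tail


if __name__ == "__main__":
    for label, img in [
        ("upx, unsigned", build_min_pe(["UPX0", "UPX1", ".rsrc"])),
        ("renamed upx", build_min_pe([".code", ".data"], tail=b"\0" * 8 + b"UPX!")),
        ("clean, signed", build_min_pe([".text", ".rdata"], security=(0x1000, 0x800))),
    ]:
        print(label, triage(img))
```

The name check alone is what most signature engines do; the marker check is the cheap extension for repacked samples, and anything that fails both but still has a tiny code section and an entry point in the last section deserves an entropy check, which this block leaves out.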
Files

  • 2320-54-0x0000000000400000-0x0000000000488000-memory.dmp
    .exe windows x86
