General
-
Target
2336-54-0x0000000000400000-0x0000000000489000-memory.dmp
-
Size
548KB
-
MD5
681b5ee2aa3fb580724d9f60ba3c8f52
-
SHA1
bdd9e0b3d1ebf276fb4783706f196195cb28f237
-
SHA256
eba60c8486c38e2b8bb131be8706b4206b55ec944bc8a7b3cf5bf45aee6a91b4
-
SHA512
ceb889a51dae5d422ec8b6e7a4c05af9f4524550a8898c3f9cb74c47a62b1b671a23d1fef02ee757eb97ea28af4437e2bd2b8e32a2f27f881de60e201fd08093
-
SSDEEP
12288:AtRXxReZj3WZfj/2eSseWFaIe2+f8CL4Hs/ZfL:Atx7cyF2eSsewS8W4KZT
Score
10/10
Malware Config
Extracted
Family
remcos
Botnet
Arupark1
C2
claudia7363.ddns.net:37542
Attributes
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
Vlc.exe
-
copy_folder
Vlc
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
true
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
keylog_path
%AppData%
-
mouse_option
false
-
mutex
Chrorne-NJMVES
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Signatures
-
Remcos family
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
2336-54-0x0000000000400000-0x0000000000489000-memory.dmp
Headers
Sections