Overview

overview

10

Static

static

10

4000-186-0...ry.exe

windows7-x64

1

4000-186-0...ry.exe

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    4000-186-0x0000000000400000-0x0000000000481000-memory.dmp

  • Size

    516KB

  • MD5

    084f057213b743838aaecd0dd707019f

  • SHA1

    9f983322e90267c9040d0e6fc82ef306de6382bf

  • SHA256

    431a661f63b6976912720a8aa5473d633190085e22cf1d2d0a8cc5b321f0cac6

  • SHA512

    782b6633c1d594e1fc382e6eec244a50db19a8279562022b50ee02fdca1927cc7e74642b5293e607ca436d176168d9f11dee36146b58d0bc5e386e901492e459

  • SSDEEP

    12288:fRXxReZj3WZfj/2eSseWFaIe2+f8CL4Rs/Zf23DU:fx7cyF2eSsewS8W4QZO

Score
10/10
pharmacy-peopleremcos

Malware Config

Extracted

Family

remcos

Botnet

PHARMACY-PEOPLE

C2

www.supremeswitchgear.com:32676

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    rematsssss

  • mouse_option

    false

  • mutex

    Rmc-JQWAXU

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Signatures

  • Remcos family
    remcos
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 4000-186-0x0000000000400000-0x0000000000481000-memory.dmp
    .exe windows x86


    Headers

    Sections