remcos | 905d5b062ff7521100cf178a310e68ef973396f95aef5ac0f63e1dc4808d3f79 | Triage

Sharing

General

Target

2860-123-0x0000000000400000-0x0000000001462000-memory.dmp
Size

16.4MB
Sample

230717-jhg5jabd61
MD5

d2e0b41acd646f80ebbf1b1dcd58649a
SHA1

346b6628720c3c2a7a2aa383252c439263b66438
SHA256

905d5b062ff7521100cf178a310e68ef973396f95aef5ac0f63e1dc4808d3f79
SHA512

cf2f8845fe703db8e7eefd3236c20569b083958ccda24567d606032b05ac8df194f8301acefa1ed00312f3879caaed1672288f1afe6b6f568edffd00eab508ee
SSDEEP

12288:dRXxReZj3WZfj/2eSseWFaIe2+f8CL4Us/ZO2XDU:dx7cyF2eSsewS8W4vZj

Score

10^/10

remcos slaves

Malware Config

Extracted

Family

remcos

Botnet

Slaves

C2

5.253.114.108:2022

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
client.exe
copy_folder
client
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
true
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-VGIHTH
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  2860-123-0x0000000000400000-0x0000000001462000-memory.dmp
- Size
  
  16.4MB
- MD5
  
  d2e0b41acd646f80ebbf1b1dcd58649a
- SHA1
  
  346b6628720c3c2a7a2aa383252c439263b66438
- SHA256
  
  905d5b062ff7521100cf178a310e68ef973396f95aef5ac0f63e1dc4808d3f79
- SHA512
  
  cf2f8845fe703db8e7eefd3236c20569b083958ccda24567d606032b05ac8df194f8301acefa1ed00312f3879caaed1672288f1afe6b6f568edffd00eab508ee
- SSDEEP
  
  12288:dRXxReZj3WZfj/2eSseWFaIe2+f8CL4Us/ZO2XDU:dx7cyF2eSsewS8W4vZj
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2