remcos | 68d54408d46a6c59d7f3ba7a9d764825756c5382f0d96da69fa6897f36a79a43 | Triage

Sharing

General

Target

1136-57-0x0000000000400000-0x0000000000489000-memory.dmp
Size

548KB
Sample

230717-k5q7dsba52
MD5

c94aa9ca85379151edda1f9a5ae8a7f9
SHA1

36762eea3e0b52ccf455222e4e571d295bfdd510
SHA256

68d54408d46a6c59d7f3ba7a9d764825756c5382f0d96da69fa6897f36a79a43
SHA512

b54d72812ef4bf592cb322388826f0264a61085cc712312de3dba1e1573d9b7ed390ee121a0ed3e0efb1a44218d2bda01f421ab23d6e3511d061b9e8b6e17b3d
SSDEEP

12288:ctRXxReZj3WZfj/2eSseWFaIe2+f8CL4Js/ZfL+:ctx7cyF2eSsewS8W4oZT

Score

10^/10

remcos btc upx

Malware Config

Extracted

Family

remcos

Botnet

BTC

C2

zoonm.ddns.net:9001

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
vlc.exe
copy_folder
vlc
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
true
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-6FL95Y
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  1136-57-0x0000000000400000-0x0000000000489000-memory.dmp
- Size
  
  548KB
- MD5
  
  c94aa9ca85379151edda1f9a5ae8a7f9
- SHA1
  
  36762eea3e0b52ccf455222e4e571d295bfdd510
- SHA256
  
  68d54408d46a6c59d7f3ba7a9d764825756c5382f0d96da69fa6897f36a79a43
- SHA512
  
  b54d72812ef4bf592cb322388826f0264a61085cc712312de3dba1e1573d9b7ed390ee121a0ed3e0efb1a44218d2bda01f421ab23d6e3511d061b9e8b6e17b3d
- SSDEEP
  
  12288:ctRXxReZj3WZfj/2eSseWFaIe2+f8CL4Js/ZfL+:ctx7cyF2eSsewS8W4oZT
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2