General

  • Target

    1800-409-0x0000000000400000-0x0000000000481000-memory.dmp

  • Size

    516KB

  • MD5

    6988a5a5a75421661c254b239b2d913f

  • SHA1

    4698a26181f43f6bc74c45c4a1e2bfa431032330

  • SHA256

    d36b7360e7d70828476e2a680423601fab3f452876406984f844a4eee5d973cb

  • SHA512

    2c873d13ac89e29fc22e74205bd0e0bf813ef18096d686cce1c27ecd00f560e6ceaab7cd97f70fda7fe7e152f2b6d0bdee7c4820f305de752e69828bfd106a6d

  • SSDEEP

    12288:DRXxReZj3WZfj/2eSseWFaIe2+f8CL4ls/ZO2/DU:Dx7cyF2eSsewS8W40Zj

Score
10/10

Malware Config

Extracted

Family

remcos

Botnet

TRUKEYNEWLOGS

C2

www.akbeyaztckstil.com:32676

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    8888

  • mouse_option

    false

  • mutex

    Rmc-6YD0Q7

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5
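
The extracted configuration above turned into hunting indicators, as an added example that is not part of the sandbox report. The parser targets the report's own key / blank line / value layout; the meaning given to install_flag and keylog_flag (gating the dropped copy and the offline keylog file) is the usual Remcos reading and is an assumption of the example, not something the report states. Paths are emitted relative because the install root is not among the extracted fields.

```python
"""Parse the extracted Remcos config block into hunting indicators.
Added example; not part of the sandbox report."""
from __future__ import annotations
from dataclasses import dataclass

# Constructed input: an excerpt of the report's extracted-config block,
# copied in the same "key / blank line / value" layout the page uses.
REPORT_EXCERPT = """
Family

remcos

Botnet

TRUKEYNEWLOGS

C2

www.akbeyaztckstil.com:32676

Attributes
  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • install_flag

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    8888

  • mutex

    Rmc-6YD0Q7
"""

TRUTHY = {"true", "1", "yes"}


def parse_config(text: str) -> dict[str, str]:
    """Turn the report layout into a dict: keys and values alternate on
    non-blank lines; 'Attributes' is a section label with no value."""
    tokens = []
    for raw in text.splitlines():
        line = raw.strip().lstrip("•").strip()
        if line and line != "Attributes":
            tokens.append(line)
    if len(tokens) % 2:
        raise ValueError("config block has a key without a value")
    return dict(zip(tokens[0::2], tokens[1::2]))


@dataclass(frozen=True)
class RemcosIndicators:
    c2_host: str
    c2_port: int
    mutex: str
    botnet: str
    install_relpath: str | None   # None when install_flag is false
    keylog_relpath: str | None    # None when keylog_flag is false
    connect_interval: int


def derive_indicators(cfg: dict[str, str]) -> RemcosIndicators:
    """Map config fields to indicators. Flag semantics are assumed from
    the usual Remcos config layout (assumption of this example)."""
    if cfg.get("Family", "").lower() != "remcos":
        raise ValueError("not a Remcos config")
    host, _, port = cfg["C2"].rpartition(":")
    if not host or not port.isdigit():
        raise ValueError(f"malformed C2 entry: {cfg['C2']!r}")

    def enabled(key: str) -> bool:
        return cfg.get(key, "false").lower() in TRUTHY

    install = (f"{cfg['copy_folder']}\\{cfg['copy_file']}"
               if enabled("install_flag") else None)
    keylog = (f"{cfg['keylog_folder']}\\{cfg['keylog_file']}"
              if enabled("keylog_flag") else None)
    return RemcosIndicators(
        c2_host=host, c2_port=int(port), mutex=cfg["mutex"],
        botnet=cfg["Botnet"], install_relpath=install, keylog_relpath=keylog,
        connect_interval=int(cfg.get("connect_interval", "0")),
    )


def expected_artifacts(ind: RemcosIndicators) -> list[str]:
    """What to look for on the host and on the wire if the sample ran
    with this configuration (one line per artifact)."""
    items = [
        f"network: TCP connection to {ind.c2_host}:{ind.c2_port} "
        f"(reconnect interval {ind.connect_interval}s)",
        f"network: DNS query for {ind.c2_host}",
        f"host: mutex {ind.mutex}",
    ]
    if ind.install_relpath:
        items.append(f"host: dropped copy <install root>\\{ind.install_relpath}")
    else:
        items.append("host: install_flag false, no persistent copy expected")
    if ind.keylog_relpath:
        items.append(f"host: keylog file <install root>\\{ind.keylog_relpath}")
    else:
        items.append("host: keylog_flag false, no offline keylog file expected")
    return items


if __name__ == "__main__":
    for line in expected_artifacts(derive_indicators(parse_config(REPORT_EXCERPT))):
        print(line)
```

With the flags as extracted here (install_flag and keylog_flag both false), the host-side hunt reduces to the mutex and the process itself; the network indicators (the C2 host and port) are the durable ones, which is why the C2 line is the first thing to push into DNS and proxy blocklists.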

Signatures

  • Remcos family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1800-409-0x0000000000400000-0x0000000000481000-memory.dmp
    .exe windows x86