General

  • Target

    2840-17-0x0000000000400000-0x0000000000482000-memory.dmp

  • Size

    520KB

  • MD5

    0dad567888e492215961870913cca30a

  • SHA1

    8956f9900df303d09f6b1a66c33099a273d89f6e

  • SHA256

    a1b2eb4e1be92ee34cd1e6470d2f2eaf5a903ac7dbd283cbebde6b0809e216b5

  • SHA512

    d59b9faa0d9fb269dbcef4d7862d4c4440fd6681e813f35bf3a17e9e06eb8c789508cf9314c9c1b3640bad129b9ea5156e5a21bf558a7b9acef64a133501ae1e

  • SSDEEP

    6144:yu/TwNrjB5ikgxx+bdPoWYnRmCgEVAWK9goN1dFv/xpM9rsAOZZpAXNc7:yu7wNB5iedQ1RmPEVAWONjpcs/Zp

Score
10/10

Malware Config

Extracted

Family

remcos

Botnet

RemoteHost

C2

103.212.81.160:2404

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    true

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    Rmc-8PXQFB

  • screenshot_crypt

    false

  • screenshot_flag

    true

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    1

  • take_screenshot_option

    false

  • take_screenshot_time

    5
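The attributes above are the decoded Remcos configuration, and the practical use of them is to turn each field into something a responder can hunt for: the C2 socket, the mutex, the install path implied by `install_flag`/`copy_folder`/`copy_file`, the screenshot directory, and the one-second `connect_interval` that makes the implant's beaconing easy to spot in connection logs. The following Python is an added example, not sandbox output or Remcos code: the config dict is transcribed from this report, the flow log lines are constructed sample data, and the assumption that `copy_folder`, `keylog_folder` and `screenshot_folder` are created under `%AppData%` is the author's, not something the report states.

```python
"""Derive host and network indicators from the Remcos configuration in this
report and flag its beaconing cadence in connection logs (added example)."""
from collections import defaultdict
from datetime import datetime

# Values transcribed from the report's "Malware Config" section (constructed dict).
CONFIG = {
    "c2": ["103.212.81.160:2404"],
    "mutex": "Rmc-8PXQFB",
    "install_flag": True,
    "copy_folder": "Remcos",
    "copy_file": "remcos.exe",
    "keylog_flag": False,
    "keylog_folder": "remcos",
    "keylog_file": "logs.dat",
    "screenshot_flag": True,
    "screenshot_path": "%AppData%",
    "screenshot_folder": "Screenshots",
    "connect_interval": 1,        # seconds between connection attempts
}

# Constructed flow records: "<iso timestamp> <src ip> <dst ip> <dst port>".
SAMPLE_FLOWS = [
    "2024-01-01T10:00:00 10.0.0.5 103.212.81.160 2404",
    "2024-01-01T10:00:01 10.0.0.5 103.212.81.160 2404",
    "2024-01-01T10:00:02 10.0.0.5 103.212.81.160 2404",
    "2024-01-01T10:00:03 10.0.0.5 103.212.81.160 2404",
    "2024-01-01T10:00:00 10.0.0.7 10.0.0.200 443",
    "2024-01-01T10:00:20 10.0.0.9 103.212.81.160 2404",
]


def indicators(cfg):
    """Map config fields to concrete IOCs. Paths relative to %AppData% are an
    assumption about how Remcos resolves its folder settings."""
    ioc = {"network": [], "mutex": [], "paths": []}
    for c2 in cfg["c2"]:
        host, port = c2.rsplit(":", 1)
        ioc["network"].append((host, int(port)))
    ioc["mutex"].append(cfg["mutex"])
    if cfg["install_flag"]:
        ioc["paths"].append(f"%AppData%\\{cfg['copy_folder']}\\{cfg['copy_file']}")
    if cfg["screenshot_flag"]:
        ioc["paths"].append(f"{cfg['screenshot_path']}\\{cfg['screenshot_folder']}\\")
    if cfg["keylog_flag"]:
        # False in this sample: offline keylogger disabled, so logs.dat is not expected.
        ioc["paths"].append(f"%AppData%\\{cfg['keylog_folder']}\\{cfg['keylog_file']}")
    return ioc


def beaconing_hosts(flow_lines, ioc, interval, min_hits=3):
    """Return, per internal host that touched the C2, its hit count and whether
    the inter-connection gaps match connect_interval (+/- 0.5 s) often enough
    to call it beaconing. A single hit is still reported, just not as beaconing."""
    targets = set(ioc["network"])
    seen = defaultdict(list)
    for line in flow_lines:
        ts, src, dst, dport = line.split()
        if (dst, int(dport)) in targets:
            seen[src].append(datetime.fromisoformat(ts))
    flagged = {}
    for src, times in seen.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        regular = sum(1 for g in gaps if abs(g - interval) <= 0.5)
        flagged[src] = {"hits": len(times), "beaconing": regular + 1 >= min_hits}
    return flagged


if __name__ == "__main__":
    ioc = indicators(CONFIG)
    print(ioc)
    print(beaconing_hosts(SAMPLE_FLOWS, ioc, CONFIG["connect_interval"]))
```

Note that `connect_interval` of 1 with `connect_delay` of 0 means the implant starts hammering the C2 immediately and continuously, so a plain "any connection to 103.212.81.160:2404" rule will fire on the first attempt; the cadence check is useful when the C2 address has changed but the build's timing has not.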

Signatures

  • Remcos family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature. Expected for a region dumped from process memory: the Authenticode certificate lives in the file's overlay, which is not mapped into the image, so this hit is not evidence on its own.

Files

  • 2840-17-0x0000000000400000-0x0000000000482000-memory.dmp
    .exe windows x86
