General

  • Target

    2332-2-0x0000000000400000-0x0000000000512000-memory.dmp

  • Size

    1.1MB

  • MD5

    7366a92b42732f3f762772df447de4bb

  • SHA1

    043992b7fa1b30df76e0161c2214693c551d595d

  • SHA256

    e2a33198f742ce6d28fb2faff815772029ab4dd7f8cead0391b24933e0d099a6

  • SHA512

    0403cdee4e0da56f6ea1788609ce23cb2b857eab20a8cc80a713c6dd9164185b42062420024d35c8249279e766153b98e4849cafc0cfb8d4aacb94861c991322

  • SSDEEP

    24576:Y9dQ1RmzNjp8ZpIpeMLwAogE4jA4/MVvigJ:ToNd8ZptMLwA1Ji

Score

  • 10/10

Malware Config (extracted)

  • Family

    remcos

  • Botnet

    22066

  • C2

    45.155.7.187:22066

Attributes

  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    IE^&RHFFG-G576NA

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Signatures

  • Remcos family
  • Unsigned PE (1 IoC)

    Checks for a missing Authenticode signature.

Files

  • 2332-2-0x0000000000400000-0x0000000000512000-memory.dmp
    .exe windows x86
