General

  • Target

    3028-2-0x0000000000400000-0x0000000000512000-memory.dmp

  • Size

    1.1MB

  • MD5

    4b1c20b440748cdd7e54a9bf01982c2e

  • SHA1

    797922700781ef79f7d4575500b900d2938fdfd4

  • SHA256

    67af86a9038f9c2d87d88352a60fa474448fbcbd703a385717d5b0132ca81c56

  • SHA512

    6fd89dda4c0f05f2cf7c35725a74f835bc620edefea3dffd1b733ea72dbb699c3ddbee99b3f8fe3359ef4031da7985e03e850211adffa7eb7ae90b498b1f5326

  • SSDEEP

    24576:Y9dQ1RmzNjpcZNIpeMLwAogE4jA4/MVvigJ:ToNdcZNtMLwA1Ji

Score

10/10

Malware Config

Extracted

Family

remcos

Botnet

22066

C2

45.155.7.187:22066

Attributes

  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    IE^&RHFFG-G576NA

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Signatures

  • Remcos family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 3028-2-0x0000000000400000-0x0000000000512000-memory.dmp
    .exe windows x86
