remcos | a6425bee339e66bc428cd1fd594066dafa85946e72f3903a66667c279ad94fe6 | Triage

Sharing

General

Target

2612-10-0x000000000F0F0000-0x000000000F172000-memory.dmp
Size

520KB
Sample

231005-qxpw9adc54
MD5

46bfc62122d8faac2305a45f8f9bf6b6
SHA1

ee0a66690a63346b04c023d1722f2f80a03073a9
SHA256

a6425bee339e66bc428cd1fd594066dafa85946e72f3903a66667c279ad94fe6
SHA512

cf910f0e3c3cb2ffecd95e11f17d41fb848e9221311550ced4d9b48cba0a4a5420ebbddf90ea4d9da4063cba2e604ea6e7f1cb9f4f034bedc9466ffdf9ee4e36
SSDEEP

12288:isnYXnsDo4bQi8AN8Cz9BnJjs/ZKYD8v:g+o4bQiX9dMZv

Score

10^/10

remcos eu

Malware Config

Extracted

Family

remcos

Botnet

EU

C2

tornado.ydns.eu:1972

orifak.ydns.eu:1972

filwelreg.pw:1972

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
RmgDEfdfdef-B6N60C
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  2612-10-0x000000000F0F0000-0x000000000F172000-memory.dmp
- Size
  
  520KB
- MD5
  
  46bfc62122d8faac2305a45f8f9bf6b6
- SHA1
  
  ee0a66690a63346b04c023d1722f2f80a03073a9
- SHA256
  
  a6425bee339e66bc428cd1fd594066dafa85946e72f3903a66667c279ad94fe6
- SHA512
  
  cf910f0e3c3cb2ffecd95e11f17d41fb848e9221311550ced4d9b48cba0a4a5420ebbddf90ea4d9da4063cba2e604ea6e7f1cb9f4f034bedc9466ffdf9ee4e36
- SSDEEP
  
  12288:isnYXnsDo4bQi8AN8Cz9BnJjs/ZKYD8v:g+o4bQiX9dMZv
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2