General

  • Target

    3048-137-0x000000006F620000-0x0000000070682000-memory.dmp

  • Size

    16.4MB

  • MD5

    03269c3794f94d55dd661ecc3a161f4c

  • SHA1

    08aec9970a2adc7fc07f5eebb27a6443aceb0203

  • SHA256

    163c3d13f368d97e480a1b1a0fb5cffac512f888a17ccafe74ad69f0a84723a3

  • SHA512

    ce00de2f05abb96d1b75fb453ea52c0238e66d1a8af0fb62b40d9dafb8b242f9f336746d78297ce60cbdbda6686386d23782a6593f16b6c0d1369e0076fbc217

  • SSDEEP

    6144:da0I5Iu2hrwhBq7Kjsn9iHGXg0lwGS9MNNhdFvPxps9pesAOZZuAXec7Nl7ov:d9IR2hfK496Gw0lwGXN3pLs/ZuKl8v

Score
10/10

Malware Config

Extracted

Family

remcos

Botnet

VPHost

C2

79.134.225.83:7400

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    true

  • keylog_file

    cos

  • keylog_flag

    false

  • keylog_path

    %AppData%

  • mouse_option

    false

  • mutex

    Rmc-INFN46

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Signatures

  • Remcos family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 3048-137-0x000000006F620000-0x0000000070682000-memory.dmp
    .exe windows:5 windows x86