General

  • Target

    2796-16-0x0000000072F40000-0x0000000073FA2000-memory.dmp

  • Size

    16.4MB

  • MD5

    71fcdce37c2acbe6b5c83e5863b70958

  • SHA1

    e87a895300d56f4e7d38ddb2f7e2b7e56dbef520

  • SHA256

    6e95e7c7e1a3cf5f66d791a6ed0e9582b5635131ca3417f7105b6eb11ce06342

  • SHA512

    170ed9465a7e625dc9c7d77c4d6c83e705019e756dff32626388c6ddb6dbf9f62a15bcdfb1e3bd8adf5fbfacc4d69f4b7b1abcc3af4e4dba4cc9bde2a2be04e0

  • SSDEEP

    6144:oR6NU560F9IzIYofINBOxOJ7s2/Gkix4rDZdlpXdqJNsAOZZCgXIcjU57ov:ooNCH9IxoAbQOW2/GkZDnus/ZCZ8v

Score
10/10

Malware Config

Extracted

Family

remcos

Botnet

RemoteHost

C2

198.55.113.202:2404

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    Rmc-V3UC60

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Signatures

  • Remcos family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 2796-16-0x0000000072F40000-0x0000000073FA2000-memory.dmp
    .exe windows:5 windows x86