General
Target: 2804-18-0x0000000000400000-0x000000000048B000-memory.dmp
Size: 556KB
Sample: 231201-pbkvqshf44
MD5: b59e2ca5da22cdbac3c38b5588a91abb
SHA1: 0d0a89e7c960dcbbefe5d07bd7e42f2bda3c1153
SHA256: 6f654162df79596234664b2b6f2b4447802070b7c0dd684039c4a54a2bdf5e10
SHA512: fc3ecfebcdbac49df4cffd735cebb5c43633060475b620a1b4a610a653bb9e1848850e891319da49da35e997b08ce3af9a2cf6bc8c0788b1109c06963de4303e
SSDEEP: 6144:qoXIktXfM8Lv86r9uVWAa2je4Z5zl4hgDHQQs4NTQjoHFYsAOZZsAXOaji:qoX7tPMK8ctGe4Dzl4h2QnuQs/Zs
Behavioral task: behavioral1
Sample: 2804-18-0x0000000000400000-0x000000000048B000-memory.exe
Resource: win7-20231020-en
Behavioral task: behavioral2
Sample: 2804-18-0x0000000000400000-0x000000000048B000-memory.exe
Resource: win10v2004-20231127-en
Malware Config
Extracted
remcos
RemoteHost: 107.175.229.139:8087
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Rmc-IZFV1M
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
take_screenshot_option: false
take_screenshot_time: 5
Targets
Score: 1/10