General

  • Target

    2164-16-0x0000000000400000-0x0000000000482000-memory.dmp

  • Size

    520KB

  • MD5

    af2df774e3151d6eb30c8fbc98d83051

  • SHA1

    6a4c1717c601a4d66729c9de3a84839c3c6f8e9a

  • SHA256

    3093f0e8aa83222f08adb39366dc9c74f8d9b2082af3c99789916ef2a6f1ca35

  • SHA512

    1d9fddc35f345b5ab03aa2ee9aceb58b710e69e05b51d637af0b4b948b6f50ae8177742e642abb09d310d7ca4828725db89ae3ae36f52e02aa3f0d75ccb4e1b6

  • SSDEEP

    6144:ku/TwNrjB5ikgxx+bdPoWYnRmCgEVAWK9goN1dFv/xpM9rsAOZZpAXNc7:ku7wNB5iedQ1RmPEVAWONjpcs/Zp

Score

  • 10/10

Malware Config

Extracted

  • Family

    remcos

  • Botnet

    RemoteHost

  • C2

    95.214.27.6:3348

Attributes

  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    Rmc-CJTO0J

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Signatures

  • Remcos family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2164-16-0x0000000000400000-0x0000000000482000-memory.dmp
    .exe windows:5 windows x86 arch:x86