General
-
Target
3156-941-0x0000000000400000-0x0000000000482000-memory.dmp
-
Size
520KB
-
Sample
231213-ns8gpaded6
-
MD5
9cb5fd8fd46044786e3fdac7d55799ba
-
SHA1
cfe21cba208819300fff9700b79d7b9df177eb53
-
SHA256
8401c99c505a098ddc02c423c697be37ae4ebe57e27e1e20af1c7d724b8ea8b1
-
SHA512
9f4a093cbf4057e93b1bc076b5e8bf9318e1fc9abe58e8ea22d61053a15d93d89e18745c62147bdbf1ff0dfac282235ffcafec321e2c6e1c74fde51adc6e2691
-
SSDEEP
6144:AXIktXfM8Lv86r9uVWAa2je4Z5zl4hgDHQQs4NTQjoHasAOZZsAX4cse5Gv:AX7tPMK8ctGe4Dzl4h2Qnuss/Zskcv
Behavioral task
behavioral1
Sample
3156-941-0x0000000000400000-0x0000000000482000-memory.exe
Resource
win7-20231130-en
Behavioral task
behavioral2
Sample
3156-941-0x0000000000400000-0x0000000000482000-memory.exe
Resource
win10v2004-20231130-en
Malware Config
Extracted
remcos
RemoteHost
jburg.net:3363
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-Y4B0AA
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
3156-941-0x0000000000400000-0x0000000000482000-memory.dmp
-
Size
520KB
-
MD5
9cb5fd8fd46044786e3fdac7d55799ba
-
SHA1
cfe21cba208819300fff9700b79d7b9df177eb53
-
SHA256
8401c99c505a098ddc02c423c697be37ae4ebe57e27e1e20af1c7d724b8ea8b1
-
SHA512
9f4a093cbf4057e93b1bc076b5e8bf9318e1fc9abe58e8ea22d61053a15d93d89e18745c62147bdbf1ff0dfac282235ffcafec321e2c6e1c74fde51adc6e2691
-
SSDEEP
6144:AXIktXfM8Lv86r9uVWAa2je4Z5zl4hgDHQQs4NTQjoHasAOZZsAX4cse5Gv:AX7tPMK8ctGe4Dzl4h2Qnuss/Zskcv
Score1/10 -