General

  • Target

    3156-941-0x0000000000400000-0x0000000000482000-memory.dmp

  • Size

    520KB

  • Sample

    231213-ns8gpaded6

  • MD5

    9cb5fd8fd46044786e3fdac7d55799ba

  • SHA1

    cfe21cba208819300fff9700b79d7b9df177eb53

  • SHA256

    8401c99c505a098ddc02c423c697be37ae4ebe57e27e1e20af1c7d724b8ea8b1

  • SHA512

    9f4a093cbf4057e93b1bc076b5e8bf9318e1fc9abe58e8ea22d61053a15d93d89e18745c62147bdbf1ff0dfac282235ffcafec321e2c6e1c74fde51adc6e2691

  • SSDEEP

    6144:AXIktXfM8Lv86r9uVWAa2je4Z5zl4hgDHQQs4NTQjoHasAOZZsAX4cse5Gv:AX7tPMK8ctGe4Dzl4h2Qnuss/Zskcv

Score
10/10

Malware Config

Extracted

  • Family

    remcos

  • Botnet

    RemoteHost

  • C2

    jburg.net:3363

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    Rmc-Y4B0AA

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5
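The extracted configuration above is only useful if it is turned into something an analyst can hunt with, and several of the listed artifacts are gated by flags that are off in this build (install_flag, keylog_flag and screenshot_flag are all false, so a copied remcos.exe, a logs.dat keylog or a Screenshots folder should not be expected on disk from this sample as configured). The following Python is an added example, not part of the report or of any sandbox tooling: it transcribes the config values from the page, derives indicators with a confidence level that reflects those flags, and runs them over a few constructed Sysmon-style events (Event ID 3 network connect, Event ID 11 file create; the field names and the assumption that the mutex is created at startup as a single-instance check are assumptions, not facts stated on the page).

```python
"""Added example: derive hunting indicators from the Remcos config extracted
above and evaluate them against constructed telemetry. Not the report's own
code; event field names follow Sysmon conventions (assumed)."""
from __future__ import annotations

from dataclasses import dataclass

# Transcribed from the Malware Config section of the report.
EXTRACTED_CONFIG = {
    "family": "remcos",
    "botnet": "RemoteHost",
    "c2": "jburg.net:3363",
    "mutex": "Rmc-Y4B0AA",
    "copy_file": "remcos.exe",
    "copy_folder": "Remcos",
    "install_flag": "false",
    "keylog_file": "logs.dat",
    "keylog_folder": "remcos",
    "keylog_flag": "false",
    "screenshot_folder": "Screenshots",
    "screenshot_path": "%AppData%",
    "screenshot_flag": "false",
}


@dataclass(frozen=True)
class Indicator:
    kind: str        # "network", "mutex" or "file"
    value: str
    enabled: bool    # False when the config flag producing this artifact is off
    note: str


def parse_c2(c2: str) -> tuple[str, int]:
    """Split 'host:port' from the right so hostnames containing ':' survive."""
    host, _, port = c2.rpartition(":")
    if not host or not port.isdigit():
        raise ValueError(f"unexpected C2 format: {c2!r}")
    return host, int(port)


def flag(cfg: dict, key: str) -> bool:
    return cfg.get(key, "false").lower() == "true"


def build_indicators(cfg: dict) -> list[Indicator]:
    host, port = parse_c2(cfg["c2"])
    return [
        Indicator("network", f"{host}:{port}", True,
                  "hard-coded C2; highest-confidence artifact"),
        Indicator("mutex", cfg["mutex"], True,
                  "assumed single-instance mutex created at startup"),
        Indicator("file", cfg["copy_file"], flag(cfg, "install_flag"),
                  f"copied into {cfg['copy_folder']} only when install_flag is true"),
        Indicator("file", cfg["keylog_file"], flag(cfg, "keylog_flag"),
                  f"written under {cfg['keylog_folder']} only when keylog_flag is true"),
    ]


def hunt(cfg: dict, events: list[dict]) -> list[tuple[int, str, str]]:
    """Return (event index, indicator value, confidence) for each hit.

    'high' means the artifact is produced by this build as configured; 'low'
    means the name matches but the corresponding flag is off, so the hit may
    be coincidence or a differently configured Remcos build.
    """
    indicators = build_indicators(cfg)
    hits: list[tuple[int, str, str]] = []
    for i, ev in enumerate(events):
        for ind in indicators:
            matched = False
            if ind.kind == "network" and ev.get("EventID") == 3:
                dest = f"{ev.get('DestinationHostname', '')}:{ev.get('DestinationPort', '')}"
                matched = dest.lower() == ind.value.lower()
            elif ind.kind == "file" and ev.get("EventID") == 11:
                target = ev.get("TargetFilename", "").replace("/", "\\")
                matched = target.split("\\")[-1].lower() == ind.value.lower()
            # Mutex indicators are left for memory/handle inspection; Sysmon
            # does not log mutex creation.
            if matched:
                hits.append((i, ind.value, "high" if ind.enabled else "low"))
    return hits


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"EventID": 3, "Image": "C:\\Users\\lab\\Desktop\\sample.exe",
     "DestinationHostname": "jburg.net", "DestinationPort": 3363},
    {"EventID": 11, "Image": "C:\\Users\\lab\\Desktop\\sample.exe",
     "TargetFilename": "C:\\Users\\lab\\AppData\\Roaming\\remcos\\logs.dat"},
    {"EventID": 3, "Image": "C:\\Windows\\System32\\svchost.exe",
     "DestinationHostname": "update.example.com", "DestinationPort": 443},
]

if __name__ == "__main__":
    for ind in build_indicators(EXTRACTED_CONFIG):
        print(f"{ind.kind:8} {ind.value:20} enabled={ind.enabled}  {ind.note}")
    for idx, value, confidence in hunt(EXTRACTED_CONFIG, SAMPLE_EVENTS):
        print(f"event[{idx}] matched {value} ({confidence})")
```

The C2 host and port and the mutex are the indicators worth pushing to network and memory detection; the file names should be treated as low-confidence for this build, and a logs.dat under %AppData% on an infected host points at a different Remcos configuration than the one extracted here.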

Targets

    • Target

      3156-941-0x0000000000400000-0x0000000000482000-memory.dmp

    • Size

      520KB

    • MD5

      9cb5fd8fd46044786e3fdac7d55799ba

    • SHA1

      cfe21cba208819300fff9700b79d7b9df177eb53

    • SHA256

      8401c99c505a098ddc02c423c697be37ae4ebe57e27e1e20af1c7d724b8ea8b1

    • SHA512

      9f4a093cbf4057e93b1bc076b5e8bf9318e1fc9abe58e8ea22d61053a15d93d89e18745c62147bdbf1ff0dfac282235ffcafec321e2c6e1c74fde51adc6e2691

    • SSDEEP

      6144:AXIktXfM8Lv86r9uVWAa2je4Z5zl4hgDHQQs4NTQjoHasAOZZsAX4cse5Gv:AX7tPMK8ctGe4Dzl4h2Qnuss/Zskcv

    Score
    1/10
