General
-
Target
4864-56-0x0000000000420000-0x00000000004A2000-memory.dmp
-
Size
520KB
-
Sample
231213-nstnjaded5
-
MD5
5b367ec8664827e00af2e700d6a77acd
-
SHA1
1b68fadb0baf04aca5020a583f056a804e92fc8c
-
SHA256
d045500f9f8bf78e44b82e80ec6fb48605ad6123af1094c68722f41c3d32296b
-
SHA512
16a8477cce31ba1066b442b2557dd660b165062bb9549e49ec47e0a7c7ba3694b2b5bc30d2449334e1710e57f0ef42872186ae0042e524798df115feeeae451f
-
SSDEEP
12288:e38ViPBwwywk38eKDyTGwHJ3HLs/ZW/8v:kP7ywk38eKc3HOZ
Behavioral task
behavioral1
Sample
4864-56-0x0000000000420000-0x00000000004A2000-memory.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
4864-56-0x0000000000420000-0x00000000004A2000-memory.exe
Resource
win10v2004-20231130-en
Malware Config
Extracted
remcos
RemoteHost
127.0.0.1:45070
127.0.0.1:52707
172.245.208.30:52707
172.245.208.30:45070
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-2NCCY9
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
Target
4864-56-0x0000000000420000-0x00000000004A2000-memory.dmp
-
Score
1/10