General
-
Target
2944-44-0x0000000000400000-0x0000000000482000-memory.dmp
-
Size
520KB
-
Sample
231219-ak55psfhb4
-
MD5
3c81ecbaa320fe1727a584ec33848fed
-
SHA1
089f6f19f5f4b6ab664bbd4a4b14bf94b77405ba
-
SHA256
ae7203349b3e6afb6922a4445432fcb2ff0a12f308ac72f10ada3fcf84be5024
-
SHA512
ee28db7e9363f1b45a0edb4b6d9f8bf2e0572e1d2d159fd1da55f76245131df483b34cce0ba655b9279393a7e72c84b1fca0a4ace4dae89cb8e966e2250ea489
-
SSDEEP
6144:cXIktXfM8Lv86r9uVWAa2je4Z5zl4hgDHQQs4NTQjoHFsAOZZsAX4cNl5Gv:cX7tPMK8ctGe4Dzl4h2QnuPs/Zsccv
Behavioral task
behavioral1
Sample
2944-44-0x0000000000400000-0x0000000000482000-memory.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
2944-44-0x0000000000400000-0x0000000000482000-memory.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
remcos
RemoteHost
remcosmonitor.duckdns.org:14645
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-J5MVGG
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
2944-44-0x0000000000400000-0x0000000000482000-memory.dmp
-
Score
1/10