remcos | 126cbc53c0486bb1caebf650790189e6c4a5650ffe645e2e6ece29f49df884eb | Triage

Sharing

General

Target

2692-46-0x0000000072670000-0x00000000736D2000-memory.dmp
Size

16.4MB
Sample

240124-j75xwsdgej
MD5

56b8dfddc91741be7b6f17a1e0c78ea8
SHA1

a343a4605138acd87061559e7bfa9dd56d6ac2c5
SHA256

126cbc53c0486bb1caebf650790189e6c4a5650ffe645e2e6ece29f49df884eb
SHA512

1a481aa38e8ed6158e41bd07a3973ff134fa8d513ecc34f7bbb0802c6d029d9a073d280c53c3d79f9fe80887eb26184b2e7740e33da703c15ec4162322ba1745
SSDEEP

12288:nCK82mEfg8hU8fQQM4yxyBZqKFiqLs/ZyRcv:CGY8hU8fQUZTrOZ

Score

10^/10

remcos special

Malware Config

Extracted

Family

remcos

Botnet

Special

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
true
install_flag
false
keylog_crypt
false
keylog_file
lonjoup.dat
keylog_flag
false
keylog_path
%AppData%
mouse_option
false
mutex
lpereits-FZGND0
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  2692-46-0x0000000072670000-0x00000000736D2000-memory.dmp
- Size
  
  16.4MB
- MD5
  
  56b8dfddc91741be7b6f17a1e0c78ea8
- SHA1
  
  a343a4605138acd87061559e7bfa9dd56d6ac2c5
- SHA256
  
  126cbc53c0486bb1caebf650790189e6c4a5650ffe645e2e6ece29f49df884eb
- SHA512
  
  1a481aa38e8ed6158e41bd07a3973ff134fa8d513ecc34f7bbb0802c6d029d9a073d280c53c3d79f9fe80887eb26184b2e7740e33da703c15ec4162322ba1745
- SSDEEP
  
  12288:nCK82mEfg8hU8fQQM4yxyBZqKFiqLs/ZyRcv:CGY8hU8fQUZTrOZ
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2