General
-
Target
4888-52-0x0000000000D40000-0x0000000001D40000-memory.dmp
-
Size
16.0MB
-
Sample
240214-rg79bsdh27
-
MD5
5d7212d3fd2274737416e5ed4b65c939
-
SHA1
c16d7b79367c9c336d850b64d1c23798710a98d6
-
SHA256
6add258f87e5ab5897d821769e0383d9c5a9f334a1928177a3a00e46e1b0bacc
-
SHA512
6afc656b70daf2718ba3aed29a52dd72f1f9959255f5eb86b3e437af1901a159b8ff211ff55479b0cc316e229a16eb7fdd29c0b4e0aa55e32b57ffceac5f48ac
-
SSDEEP
12288:4dnBvg+4m5RKeAyAXBMdi8vDJRs/ZkgcvbI:wf4m5RKevY8v6ZW
Behavioral task
behavioral1
Sample
4888-52-0x0000000000D40000-0x0000000001D40000-memory.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
4888-52-0x0000000000D40000-0x0000000001D40000-memory.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
remcos
Obum Target
obum.airdns.org:48066
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
2
-
connect_interval
1
-
copy_file
obums.exe
-
copy_folder
Obum
-
delete_file
true
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
Obum
-
keylog_path
%AppData%
-
mouse_option
false
-
mutex
Rmc-4QX70J
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
4888-52-0x0000000000D40000-0x0000000001D40000-memory.dmp
-
Score
1/10