remcos | 14e3ce7787c396d2dadfd8fe492a6b5681b4b6a07676f5ba5bd76326165b5050 | Triage

Sharing

General

Target

2736-47-0x0000000071AF0000-0x0000000072B52000-memory.dmp
Size

16.4MB
Sample

240218-2yptesfg32
MD5

8c6107b181ab54c82c55be85b3477d04
SHA1

4fc40eb31431b22c9a95f21d2e4c5975c726aeb9
SHA256

14e3ce7787c396d2dadfd8fe492a6b5681b4b6a07676f5ba5bd76326165b5050
SHA512

729940f8a6343e43ae99ff6d728beeca38c369b81a40e38eabe199184795fed1fae092041e5cb1c3c7cad67f7d8981b5684c506454e28ec50f8df806c6c989f3
SSDEEP

12288:KrX1GcA9yZ+CMtdXiXeX+RRWHs/Z+Jcv:IbA9yZ+CmX+RRWKZ

Score

10^/10

remcos grace

Malware Config

Extracted

Family

remcos

Botnet

GRACE

C2

eweo9264gtuiort.duckdns.org:35966

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
true
install_flag
false
keylog_crypt
false
keylog_file
ghyhne.dat
keylog_flag
false
keylog_path
%AppData%
mouse_option
false
mutex
gtsyhbnj-ZGGA79
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  2736-47-0x0000000071AF0000-0x0000000072B52000-memory.dmp
- Size
  
  16.4MB
- MD5
  
  8c6107b181ab54c82c55be85b3477d04
- SHA1
  
  4fc40eb31431b22c9a95f21d2e4c5975c726aeb9
- SHA256
  
  14e3ce7787c396d2dadfd8fe492a6b5681b4b6a07676f5ba5bd76326165b5050
- SHA512
  
  729940f8a6343e43ae99ff6d728beeca38c369b81a40e38eabe199184795fed1fae092041e5cb1c3c7cad67f7d8981b5684c506454e28ec50f8df806c6c989f3
- SSDEEP
  
  12288:KrX1GcA9yZ+CMtdXiXeX+RRWHs/Z+Jcv:IbA9yZ+CmX+RRWKZ
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2