General

  • Target

    2736-47-0x0000000071AF0000-0x0000000072B52000-memory.dmp

  • Size

    16.4MB

  • MD5

    8c6107b181ab54c82c55be85b3477d04

  • SHA1

    4fc40eb31431b22c9a95f21d2e4c5975c726aeb9

  • SHA256

    14e3ce7787c396d2dadfd8fe492a6b5681b4b6a07676f5ba5bd76326165b5050

  • SHA512

    729940f8a6343e43ae99ff6d728beeca38c369b81a40e38eabe199184795fed1fae092041e5cb1c3c7cad67f7d8981b5684c506454e28ec50f8df806c6c989f3

  • SSDEEP

    12288:KrX1GcA9yZ+CMtdXiXeX+RRWHs/Z+Jcv:IbA9yZ+CmX+RRWKZ

Score
10/10

Malware Config

Extracted

Family

remcos

Botnet

GRACE

C2

eweo9264gtuiort.duckdns.org:35966

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    true

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    ghyhne.dat

  • keylog_flag

    false

  • keylog_path

    %AppData%

  • mouse_option

    false

  • mutex

    gtsyhbnj-ZGGA79

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • startup_value

    

  • take_screenshot_option

    false

  • take_screenshot_time

    5
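
The configuration above, turned into indicators and checked against host and network telemetry. This is an added example for this report page, not code from the sandbox or from the Remcos project. The config values are copied from the report; the log lines, the `10.0.0.5` client and the `192.0.2.10` address are constructed for the demonstration, and the reading that each `*_flag` field gates the feature its prefix names is an assumption, not something the report states. The point a practitioner should take from the config is that `install_flag`, `keylog_flag` and `screenshot_flag` are all `false` here, so the copy path, keylog file and screenshot folder are weak indicators for this sample, while the C2 host and the mutex are the ones worth alerting on.

```python
"""Turn the Remcos configuration above into indicators and check telemetry.

Added example for this report page, not code from the sandbox or from the
Remcos project. Config values are copied from the report; the log lines and
the 192.0.2.10 address are constructed for the demonstration.
"""
import re

# Extracted config as the report lists it (values copied from the page).
REMCOS_CONFIG = {
    "family": "remcos",
    "botnet": "GRACE",
    "c2": ["eweo9264gtuiort.duckdns.org:35966"],
    "mutex": "gtsyhbnj-ZGGA79",
    "install_flag": False,
    "copy_folder": "Remcos",
    "copy_file": "remcos.exe",
    "keylog_flag": False,
    "keylog_path": "%AppData%",
    "keylog_file": "ghyhne.dat",
    "screenshot_flag": False,
    "screenshot_path": "%AppData%",
    "screenshot_folder": "Screenshots",
}


def parse_c2(entry):
    """Split a 'host:port' C2 entry, as the report prints it, into (host, port)."""
    host, sep, port = entry.rpartition(":")
    if not sep or not port.isdigit():
        raise ValueError(f"unexpected C2 format: {entry!r}")
    return host.lower(), int(port)


def expected_artifacts(cfg):
    """Derive IoCs from the config, honouring its feature flags.

    'strong' holds what this config always produces (C2 host/port, mutex).
    'conditional' holds file paths whose feature flag is off in this sample.
    Assumption, not stated by the report: each *_flag field enables the
    feature its prefix names, so a disabled feature's path may never appear.
    """
    strong = {"c2": [parse_c2(e) for e in cfg["c2"]], "mutex": cfg["mutex"]}
    conditional = {}
    install = f'{cfg["copy_folder"]}\\{cfg["copy_file"]}'
    (strong if cfg["install_flag"] else conditional)["install_path"] = install
    keylog = f'{cfg["keylog_path"]}\\{cfg["keylog_file"]}'
    (strong if cfg["keylog_flag"] else conditional)["keylog_file"] = keylog
    shots = f'{cfg["screenshot_path"]}\\{cfg["screenshot_folder"]}'
    (strong if cfg["screenshot_flag"] else conditional)["screenshot_dir"] = shots
    return {"strong": strong, "conditional": conditional}


def match_telemetry(iocs, lines):
    """Scan log lines; return [(line_no, confidence, indicator), ...].

    Host and mutex matches are high confidence. A connection to the C2 port
    alone, or a file name from a disabled feature, is reported as low
    confidence so an analyst can triage it rather than alert on it outright.
    """
    c2_hosts = {h for h, _ in iocs["strong"]["c2"]}
    c2_ports = {p for _, p in iocs["strong"]["c2"]}
    mutex = iocs["strong"]["mutex"].lower()
    # Match conditional paths on their final component only, because
    # %AppData% expands per user. The generic 'Screenshots' name is skipped.
    names = {
        k: v.rsplit("\\", 1)[-1].lower()
        for k, v in iocs["conditional"].items()
        if k != "screenshot_dir"
    }
    hits = []
    for n, line in enumerate(lines, 1):
        low = line.lower()
        if any(h in low for h in c2_hosts):
            hits.append((n, "high", "c2_host"))
        elif mutex in low:
            hits.append((n, "high", "mutex"))
        else:
            m = re.search(r"dst=\S+:(\d+)", line)
            if m and int(m.group(1)) in c2_ports:
                hits.append((n, "low", "c2_port_only"))
            else:
                hits.extend((n, "low", k) for k, v in names.items() if v in low)
    return hits


# Constructed telemetry; 192.0.2.10 is from the documentation address range.
SAMPLE_LOG = [
    "2024-05-01T10:00:00Z dns query=eweo9264gtuiort.duckdns.org type=A client=10.0.0.5",
    "2024-05-01T10:00:01Z netconn dst=192.0.2.10:35966 proto=tcp pid=2736",
    "2024-05-01T10:00:02Z mutex name=gtsyhbnj-ZGGA79 pid=2736",
    "2024-05-01T10:00:03Z filewrite path=C:\\Users\\a\\AppData\\Roaming\\ghyhne.dat pid=2736",
    "2024-05-01T10:00:04Z dns query=update.example.net type=A client=10.0.0.5",
]

if __name__ == "__main__":
    iocs = expected_artifacts(REMCOS_CONFIG)
    for hit in match_telemetry(iocs, SAMPLE_LOG):
        print(hit)
```

Running it flags the DNS lookup of the duckdns host and the mutex as high-confidence hits, and downgrades the bare port-35966 connection and the `ghyhne.dat` write to low confidence, since this config has keylogging turned off. The `duckdns.org` host itself is the indicator to pivot on: dynamic DNS names like this resolve to whatever address the operator last registered, so the resolved IP is not a durable IoC.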

Signatures

  • Remcos family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 2736-47-0x0000000071AF0000-0x0000000072B52000-memory.dmp
    .exe windows:5 windows x86 arch:x86