General
-
Target
3044-4-0x0000000000400000-0x000000000048A000-memory.dmp
-
Size
552KB
-
MD5
a7bac14be1371ec27e7aa9f013b993ed
-
SHA1
dd6e3317ce9bada0b20aada6e82e5a2b690c9549
-
SHA256
3f55fedaa2bf30d62a64863df4b87193bfda452040994872da030fc817ca1558
-
SHA512
49fae8df13e55256964da22fd21b34eb28a64b89d5dcf496d4d55b2b2f1b71206ac4b3065d9036b9dde1d58b837519bb3192b811d1adf33b11e76097818cbdeb
-
SSDEEP
6144:WXIktXfM8Lv86r9uVWAa2je4Z5zl4hgDHQQs4NTQjoH4sAOZZsAXIRju:WX7tPMK8ctGe4Dzl4h2Qnuqs/Zs
Score
10/10
Malware Config
Extracted
Family
remcos
Botnet
CAT
C2
zoonm.ddns.net:35890
Attributes
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
vlc.exe
-
copy_folder
vlc
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
true
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
chrorne-VRZEW3
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Signatures
-
Remcos family
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
3044-4-0x0000000000400000-0x000000000048A000-memory.dmp
Headers
Sections