General
-
Target
1940-74-0x0000000000400000-0x0000000000615000-memory.dmp
-
Size
2.1MB
-
MD5
6b56c972f0de2919154694bb3323fee6
-
SHA1
5f9bfbe4d6449f473e10c76dc07b423a490db3bf
-
SHA256
92c553e31de764968083d024e6ea6e380d1ca45dfceb1c450149a9928f2e3e7f
-
SHA512
d2f3fb5873aefe35005161da86a2680ea5c4eb701db44baa0ce5e76c990cddbc4eff314da403ba3cc90ebfa07081221b7599159364b9748c3620f98c53fe01cc
-
SSDEEP
12288:31EZT90uNQzYgScBvnn/XpM4s/ZRsOhX:FcTiuazYgr/XpMDZuK
Score
10/10
Malware Config
Extracted
Family
remcos
Botnet
Awelle-Host
C2
gdyhjjdhbvxgsfe.gotdns.ch:2718
Attributes
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
true
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_path
%AppData%
-
mouse_option
false
-
mutex
Rmc-W62KZF
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Signatures
-
Remcos family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
1940-74-0x0000000000400000-0x0000000000615000-memory.dmp
Headers
Sections