General
-
Target
1040-47-0x00000000169E0000-0x00000000179E0000-memory.dmp
-
Size
16.0MB
-
Sample
240409-k7c3jsbd98
-
MD5
3775ea1ac759e51e6f0194e36ca248d8
-
SHA1
45d19bc66803d2e558b854fd774893f7a47db59e
-
SHA256
90e2f69fbf29619940c8a35528a122635c63dd9fcbad46305c684a452920e8fe
-
SHA512
6cb764f424b8613b527e5d13be4931fefe2ea6427db193816127917db18d0163df735f0bcbdcc79e3b8af05b3e3f9b543f7e3492784e65fbbfb41807c0f55b2a
-
SSDEEP
6144:5EURzCUPoooSJqjVScqmbS8LKCRHVsls+6TbwcMkZkbMTvS4sAOZZvYXUcTE5Gv:5/RnorSw4JaS8THVsl6w7Is/ZvDcv
Behavioral task
behavioral1
Sample
1040-47-0x00000000169E0000-0x00000000179E0000-memory.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
1040-47-0x00000000169E0000-0x00000000179E0000-memory.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
remcos
RemoteHost
127.0.0.1:47212
officerem.duckdns.org:47212
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-I8N3XG
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
1040-47-0x00000000169E0000-0x00000000179E0000-memory.dmp
-
Score
1/10