General
-
Target
2896-16-0x0000000000200000-0x0000000000282000-memory.dmp
-
Size
520KB
-
Sample
240411-tepqbaab71
-
MD5
4f4f57b71850efe7abda1047c818dd43
-
SHA1
5a3538e137fc92c8b0df096a385bac396ffd17fd
-
SHA256
bbfb706039f9dfe343baa8ac0a8f8be2c18ddfd7adb1b56694841884ace3941f
-
SHA512
1d116ef28691fb0142d535cee67d9455b8a356133586aca871503da946772bbba78d8aca2d0667b7f3d198275afc28aa37343f2ed4aae74851a5252345148c54
-
SSDEEP
6144:8XIktXfM8Lv86r9uVWAa2je4Z5zl4hgDHQQs4NTQjoHFsAOZZsAX4cN:8X7tPMK8ctGe4Dzl4h2QnuPs/Zs
Behavioral task
behavioral1
Sample
2896-16-0x0000000000200000-0x0000000000282000-memory.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2896-16-0x0000000000200000-0x0000000000282000-memory.exe
Resource
win10v2004-20240319-en
Malware Config
Extracted
remcos
RemoteHost
81.17.17.70:1198
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
windowsfiles.exe
-
copy_folder
windowsfiles
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
true
-
install_path
%AppData%
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
windowsfiles
-
keylog_path
%AppData%
-
mouse_option
false
-
mutex
Rmc-NMB4R7
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
2896-16-0x0000000000200000-0x0000000000282000-memory.dmp
-
Score
1/10