General

  • Target: e5f662cfb991bb883da1cd920b511f4f2d7556c9b1a4e072b74c19457940547e
  • Size: 265KB
  • MD5: 7ec4978871a14a4f368741b8e996459e
  • SHA1: e6d2a49acebf33433d34321cd61ec959c4e91f59
  • SHA256: e5f662cfb991bb883da1cd920b511f4f2d7556c9b1a4e072b74c19457940547e
  • SHA512: 4f31df9b93c32f0056b8fa805e22765b7d22b387b0fdefc986b01596eaf43c1e1afa43242d08c2f9fe3cd8c4346f9de959ee8d40387a52ceac06713fbcf19359
  • SSDEEP: 6144:jiLRrUIDd+FXAuM5m4wg2Fj/UdjElTfGg6UIw:jOz+5AuM5m4l2tU+TGlw

Score: 10/10

Malware Config

Extracted

  • Family: remcos
  • Botnet: Remote
  • C2: leetboy.dynuddns.net:1998

Attributes

  • audio_folder: MicRecords
  • audio_record_time: 5
  • connect_delay: 0
  • connect_interval: 1
  • copy_file: svcs.exe
  • copy_folder: microsofts
  • delete_file: false
  • hide_file: false
  • hide_keylog_file: true
  • install_flag: true
  • install_path: %AppData%
  • keylog_crypt: true
  • keylog_file: logs.dat
  • keylog_flag: false
  • keylog_folder: logsa
  • mouse_option: false
  • mutex: Rmc-3XK1S0
  • screenshot_crypt: false
  • screenshot_flag: false
  • screenshot_folder: Screenshots
  • screenshot_path: %AppData%
  • screenshot_time: 10
  • take_screenshot_option: false
  • take_screenshot_time: 5

Signatures

  • Remcos family
  • Unsigned PE (1 IoC): checks for missing Authenticode signature.

Files

  • e5f662cfb991bb883da1cd920b511f4f2d7556c9b1a4e072b74c19457940547e
    .zip (password: infected)

  • 03ba551339062106448ff58cbc393338483439513ec8439497bf47153e13f4b7.exe
    .exe windows:5 windows x86 arch:x86
    8d5087ff5de35c3fbb9f212b47d63cad
