General
-
Target
5108-212-0x0000000000400000-0x0000000000482000-memory.dmp
-
Size
520KB
-
Sample
240418-ys2dgsde29
-
MD5
d10f9d63921d2dd69d4b12d872d96992
-
SHA1
80a83ded4764e49e78397077cc9fb6d1de6e48ab
-
SHA256
34e2ac89184fed8da623bed95461e6678d7f54ad8fb1e0aa53a76ca7adf89e74
-
SHA512
3c0155337bae69ea3a8a2088909e2486a77d0f5063caebd67884a4489119797446af9537a3c2f13ce81e1ade840753c2b6d4e5ee3419b53883e42a589956b14b
-
SSDEEP
6144:C/7iPrcL3ArwhBq7Kjsn9iHGXg0lwGS9MNNhdFvPxps9gsAOZZuAXec7q7ov:C/uPq3AfK496Gw0lwGXN3pvs/Zun8v
Malware Config
Extracted
remcos
RemoteHost
remco8100.duckdns.org:8100
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-G51VNO
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
5108-212-0x0000000000400000-0x0000000000482000-memory.dmp
-
Size
520KB
-
MD5
d10f9d63921d2dd69d4b12d872d96992
-
SHA1
80a83ded4764e49e78397077cc9fb6d1de6e48ab
-
SHA256
34e2ac89184fed8da623bed95461e6678d7f54ad8fb1e0aa53a76ca7adf89e74
-
SHA512
3c0155337bae69ea3a8a2088909e2486a77d0f5063caebd67884a4489119797446af9537a3c2f13ce81e1ade840753c2b6d4e5ee3419b53883e42a589956b14b
-
SSDEEP
6144:C/7iPrcL3ArwhBq7Kjsn9iHGXg0lwGS9MNNhdFvPxps9gsAOZZuAXec7q7ov:C/uPq3AfK496Gw0lwGXN3pvs/Zun8v
Score1/10 -