remcos | 14b987879013f1396f3b15babb2c11c1a61985374e9d27cd4d6e523db6f534a4 | Triage

Sharing

General

Target

1308-49-0x0000000016090000-0x0000000017090000-memory.dmp
Size

16.0MB
Sample

240419-mzr8lsad2z
MD5

9d261e224c239d4278fba30af47fbe17
SHA1

b6f3e9d571f950ee03b1e67c573fb80a4b1ab133
SHA256

14b987879013f1396f3b15babb2c11c1a61985374e9d27cd4d6e523db6f534a4
SHA512

866ecba024a6b431f56823303b33a9d78aa31c388ea73aaae55f0e5b9c02b073cb87cb70d22e56d39f7a95d5db211342ef8d94dd13b289b332b3fc99e16e62a4
SSDEEP

12288:4Usf1rl/w6PRUAmaY/o7HWO0yEs/Zh5cv:oRl/w65UoHnTfZ

Score

10^/10

remcos remotehost

Malware Config

Extracted

Family

remcos

Botnet

RemoteHost

C2

newpage44.mywire.org:5010

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
adode.exe
copy_folder
Skype
delete_file
true
hide_file
true
hide_keylog_file
false
install_flag
true
install_path
%Temp%
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-3N0E9G
screenshot_crypt
false
screenshot_flag
true
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  1308-49-0x0000000016090000-0x0000000017090000-memory.dmp
- Size
  
  16.0MB
- MD5
  
  9d261e224c239d4278fba30af47fbe17
- SHA1
  
  b6f3e9d571f950ee03b1e67c573fb80a4b1ab133
- SHA256
  
  14b987879013f1396f3b15babb2c11c1a61985374e9d27cd4d6e523db6f534a4
- SHA512
  
  866ecba024a6b431f56823303b33a9d78aa31c388ea73aaae55f0e5b9c02b073cb87cb70d22e56d39f7a95d5db211342ef8d94dd13b289b332b3fc99e16e62a4
- SSDEEP
  
  12288:4Usf1rl/w6PRUAmaY/o7HWO0yEs/Zh5cv:oRl/w65UoHnTfZ
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

remotehostremcos

behavioral1

behavioral2