General
-
Target
2484-93-0x0000000016290000-0x0000000017290000-memory.dmp
-
Size
16.0MB
-
Sample
240422-m8c52sae72
-
MD5
a87f07288f478d5fe07c0443bf70be50
-
SHA1
2f7dce8ed0c7e31c23392fe7b37c288a6f96d2a6
-
SHA256
6a2420ee164887e70fe1fcc05c95ef0bc89b061523278c0e37b2ea82e140a51d
-
SHA512
90dfcb852f8e6d23f783dc94d331bb6d617a71f6fc0b5a6ddc7ab8539455ccc2ba97989ceb3c5c69cf425eb3cc25b52aec1752518d14eb14c0ff75ac207d28ab
-
SSDEEP
6144:41uMG8VNnzwIjcpgwGUAMf164fIoHOn2qiSn5VbgsAOZZhEX/caf5Gv:40MfVxfwaZUAMN64fIbnn2s/ZhKcv
Behavioral task
behavioral1
Sample
2484-93-0x0000000016290000-0x0000000017290000-memory.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2484-93-0x0000000016290000-0x0000000017290000-memory.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
remcos
RemoteHost
127.0.0.1:47212
officerem.duckdns.org:47212
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-I8N3XG
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
2484-93-0x0000000016290000-0x0000000017290000-memory.dmp
-
Score
1/10