General
-
Target
2708-129-0x0000000015E70000-0x0000000016E70000-memory.dmp
-
Size
16.0MB
-
Sample
240424-2wtplabb8z
-
MD5
d023b34d523cd5a017b161b7613884bd
-
SHA1
0014b4bca46b1e2bac1371996bb7138634c7d024
-
SHA256
6af3783c745552d011d333e2cc64be0678e80f2baabf01fdba2466cc83a14111
-
SHA512
1fbd7177e206a468444726b41a56b652c587bd7a8667275fcccd6cb89c4c469a95cd0da23e6f914df8d9f73c6f948aee9326493bcbffb00cd1321cf7bdcd0c9e
-
SSDEEP
6144:/4UrTJy6b/UpK+UuTac/Z5DWLuzlNKq0Ghkzc5+qsAOZZBAXhQcHC5Gv:/vrVywssNCacR5DWLkKx2s/ZBvcv
Behavioral task
behavioral1
Sample
2708-129-0x0000000015E70000-0x0000000016E70000-memory.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2708-129-0x0000000015E70000-0x0000000016E70000-memory.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
remcos
RemoteHost
127.0.0.1:47212
officerem.duckdns.org:47212
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-I8N3XG
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
Target
2708-129-0x0000000015E70000-0x0000000016E70000-memory.dmp
-
Score
1/10