General
-
Target
2840-19-0x0000000000400000-0x0000000000482000-memory.dmp
-
Size
520KB
-
Sample
240428-pgd95sfh8y
-
MD5
ebd472055127d874933fdb2d04e09e1f
-
SHA1
6cd2cf43bc43cbac1f51e1119b6b5dae96f472f1
-
SHA256
25be0c7d1a39de542c435a146c731320fe50170197b09313c3493f5b79fd166f
-
SHA512
f2d12c69063348cef3472e7f2db8f38f76279f4a46a1a1f99cc38f2730c92cb01382b058d7d84936862f5c03a658b8b1a2ba1bda9f32892e25fe5fa89066d415
-
SSDEEP
6144:AXIktXfM8Lv86r9uVWAa2je4Z5zl4hgDHQQs4NTQjoHFsAOZZsAX4cNi5Gv:AX7tPMK8ctGe4Dzl4h2QnuPs/ZsXcv
Behavioral task
behavioral1
Sample
2840-19-0x0000000000400000-0x0000000000482000-memory.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2840-19-0x0000000000400000-0x0000000000482000-memory.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
remcos
RemoteHost
64.188.22.11:2404
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-10FYXY
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
2840-19-0x0000000000400000-0x0000000000482000-memory.dmp
-
Score
1/10