General
-
Target
2136-7-0x0000000000400000-0x0000000000482000-memory.dmp
-
Size
520KB
-
MD5
6945d09ba9e789487cf8e4c757ad6d51
-
SHA1
899dfc08b09c83df0055afe84a15ae8cc8997cf6
-
SHA256
dea22833f94d85fb8bbee7a443dabe3df2d76a10922522891aee4bfdf8f4fc84
-
SHA512
2f408fb1ff66a011e2e2d01d7510d6b6616c62e27f5d05ea5d29a8521df6d1e78bbb9bffd0d216c02fea989849301d3262b664e22c9ba22abc2cdab77adb01a9
-
SSDEEP
6144:+XIktXfM8Lv86r9uVWAa2je4Z5zl4hgDHQQs4NTQjoHRsAOZZDAXYcQc5Gv:+X7tPMK8ctGe4Dzl4h2Qnuns/ZD+cv
Score
10/10
Malware Config
Extracted
Family
remcos
Botnet
RemoteHost
C2
etriath.com:5020
Attributes
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
skype.exe
-
copy_folder
skype
-
delete_file
true
-
hide_file
true
-
hide_keylog_file
false
-
install_flag
true
-
install_path
%WinDir%\System32
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-MB9FUF
-
screenshot_crypt
false
-
screenshot_flag
true
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Signatures
-
Remcos family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
2136-7-0x0000000000400000-0x0000000000482000-memory.dmp
Headers
Sections