remcos | 6be21d313550d7fd38b39158f7ba4b4af6004f8846e4bcba71152e2631c5ce8a | Triage

Sharing

General

Target

1372-21-0x0000000000400000-0x000000000047F000-memory.dmp
Size

508KB
Sample

240516-sq1raaaf71
MD5

356ba02cdba6e02480d2b1f4bc4ae69d
SHA1

56f21a6d0306c59080a5546c54efdd806236e237
SHA256

6be21d313550d7fd38b39158f7ba4b4af6004f8846e4bcba71152e2631c5ce8a
SHA512

e1a7bc958f8683f8a73280e17bacfd6dee7ed6d148e7df92e5e1b5a90971c296ed09cc195ae877cafc702c9bfeb457fef454981c2a56eb63be913e75416d999f
SSDEEP

12288:Wmnk7iLJbpIpiRL6I2WhSKQ9ZsfZQSOn9:uiLJbpI7I2WhQqZ7O9

Score

10^/10

remcos 76364

Malware Config

Extracted

Family

remcos

Botnet

76364

C2

103.150.8.12:5689

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-FF0K7G
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
Remcos
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  1372-21-0x0000000000400000-0x000000000047F000-memory.dmp
- Size
  
  508KB
- MD5
  
  356ba02cdba6e02480d2b1f4bc4ae69d
- SHA1
  
  56f21a6d0306c59080a5546c54efdd806236e237
- SHA256
  
  6be21d313550d7fd38b39158f7ba4b4af6004f8846e4bcba71152e2631c5ce8a
- SHA512
  
  e1a7bc958f8683f8a73280e17bacfd6dee7ed6d148e7df92e5e1b5a90971c296ed09cc195ae877cafc702c9bfeb457fef454981c2a56eb63be913e75416d999f
- SSDEEP
  
  12288:Wmnk7iLJbpIpiRL6I2WhSKQ9ZsfZQSOn9:uiLJbpI7I2WhQqZ7O9
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2