General

  • Target

    1908-87-0x0000000000470000-0x00000000014D2000-memory.dmp

  • Size

    16.4MB

  • MD5

    aac7a9e40573cb923de74f7ca2598ddc

  • SHA1

    2d2ab7116af8ec13c3e08878cfc51d62de1608a3

  • SHA256

    c71a0897bc9d6d75551b1bd613bd8c3780f25230de01a3571653e01224909069

  • SHA512

    a090ed2a829094a4123caa7aab677a069ada0d2831ec4f4d908a3a0643d6113743b26c7fe7d3f9fbe55192f8a4ac6d46e6e2810e70d83b25f7a55f0b8f9bc121

  • SSDEEP

    12288:AEWh0KaZ/B3YKBr0Q++oD8bbDUs/Z5Fcv:WyZp3YKt0gbDvZ

Score
10/10

Malware Config

Extracted

Family

remcos

Botnet

CEYE

C2

64.188.26.202:1604

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    Vexploio.exe

  • copy_folder

    Vexplo

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    true

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    Rmc-RXKA3P

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5
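
The configuration above is enough to hunt with. The Python below is an added example, not part of this sandbox report: it lifts the C2 endpoint, mutex, copy_folder/copy_file and keylog_folder/keylog_file values into indicators and checks them against constructed Sysmon-style key=value events. The event format, the field names (Image, TargetFilename, DestinationIp, DestinationPort, Mutex) and the sample paths are assumptions made for the example; the report does not state the directory the implant is copied into, so file matching is on the trailing folder\file pair only.

```python
"""Hunting logic derived from the Remcos configuration extracted above.

Added example, not part of the sandbox report: config fields become
indicators, which are then run over constructed Sysmon-style events.
"""
import re

# Values copied from the "Extracted" block of this report.
REMCOS_CONFIG = {
    "c2": ["64.188.26.202:1604"],
    "mutex": "Rmc-RXKA3P",
    "install_flag": True,
    "copy_folder": "Vexplo",
    "copy_file": "Vexploio.exe",
    "keylog_flag": False,
    "keylog_folder": "remcos",
    "keylog_file": "logs.dat",
}


def iocs_from_config(cfg):
    """Derive concrete indicators from a Remcos config dictionary."""
    c2_pairs, c2_hosts = set(), set()
    for entry in cfg["c2"]:
        host, _, port = entry.rpartition(":")
        c2_pairs.add((host, int(port)))
        c2_hosts.add(host)
    paths = []
    if cfg.get("install_flag"):
        # install_flag=true: the sample copies itself to copy_folder\copy_file.
        # The report does not give the parent directory, so match the tail only.
        paths.append(f"\\{cfg['copy_folder']}\\{cfg['copy_file']}")
    # keylog_flag is false in this config, so the log may never be written;
    # kept as a secondary indicator rather than dropped.
    paths.append(f"\\{cfg['keylog_folder']}\\{cfg['keylog_file']}")
    return {"c2": c2_pairs, "c2_hosts": c2_hosts,
            "mutex": {cfg["mutex"]}, "paths": paths}


# Sysmon-style "Key=Value" records; values may contain spaces, so a field
# ends where the next " Key=" begins or at end of line.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")


def parse_event(line):
    return dict(FIELD_RE.findall(line))


def match_event(event, iocs):
    """Return the indicator tags an event trips, in a fixed order."""
    hits = []
    ip, port = event.get("DestinationIp"), event.get("DestinationPort")
    if ip and port and (ip, int(port)) in iocs["c2"]:
        hits.append("c2")
    if ip in iocs["c2_hosts"]:
        hits.append("c2_host")  # same host, other port: weaker, still a pivot
    for key in ("Image", "TargetFilename"):
        value = event.get(key, "").lower()
        for suffix in iocs["paths"]:
            if value.endswith(suffix.lower()):
                hits.append(f"path:{key}")
    if event.get("Mutex") in iocs["mutex"]:
        hits.append("mutex")
    return hits


def hunt(lines, cfg=REMCOS_CONFIG):
    """Return (line_index, hits) for every event that trips an indicator."""
    iocs = iocs_from_config(cfg)
    results = []
    for i, line in enumerate(lines):
        hits = match_event(parse_event(line), iocs)
        if hits:
            results.append((i, hits))
    return results


# Constructed sample telemetry, not taken from the report.
SAMPLE_EVENTS = [
    "EventID=3 Image=C:\\Users\\bob\\AppData\\Roaming\\Vexplo\\Vexploio.exe "
    "DestinationIp=64.188.26.202 DestinationPort=1604",
    "EventID=1 Image=C:\\Windows\\System32\\svchost.exe CommandLine=svchost.exe -k netsvcs",
    "EventID=3 Image=C:\\Program Files\\Mozilla Firefox\\firefox.exe "
    "DestinationIp=64.188.26.202 DestinationPort=443",
    "EventID=11 Image=C:\\Users\\bob\\AppData\\Roaming\\Vexplo\\Vexploio.exe "
    "TargetFilename=C:\\Users\\bob\\AppData\\Roaming\\remcos\\logs.dat",
    "Source=handle_scan Mutex=Rmc-RXKA3P",
]

if __name__ == "__main__":
    for index, hits in hunt(SAMPLE_EVENTS):
        print(f"event {index}: {', '.join(hits)}")
```

Host:port is treated as the high-confidence match; the same host on another port is tagged separately because the operator can change ports between builds. Since keylog_flag is false in this build, the absence of logs.dat says nothing about whether the implant ran.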

Signatures

  • Remcos family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.
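
The "Unsigned PE" signature above looks at one header field. The Python below is an added example, not the sandbox's own check: it parses the IMAGE_DIRECTORY_ENTRY_SECURITY entry of a PE32/PE32+ optional header, which points at the Authenticode attribute certificate table, and reports whether one is present. The PE images it runs on are constructed inside the block (a bare header, and the same header with a placeholder WIN_CERTIFICATE overlay); no real signature is parsed or verified.

```python
"""How an "Unsigned PE" check works: read the Authenticode certificate table
entry from the PE header. Added example, not the sandbox's own code."""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4      # index of the certificate table entry
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002


def security_directory(data):
    """Return (file_offset, size) of the attribute certificate table, or None
    when the image carries none. Raises ValueError on a non-PE buffer."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0" or e_lfanew + 24 > len(data):
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    (size_of_optional,) = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:          # PE32
        nrva_off, dirs_off = 92, 96
    elif magic == 0x20B:        # PE32+
        nrva_off, dirs_off = 108, 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    if size_of_optional < dirs_off or opt + size_of_optional > len(data):
        raise ValueError("truncated optional header")
    (nrva,) = struct.unpack_from("<I", data, opt + nrva_off)
    entry = dirs_off + IMAGE_DIRECTORY_ENTRY_SECURITY * 8
    if nrva <= IMAGE_DIRECTORY_ENTRY_SECURITY or entry + 8 > size_of_optional:
        return None             # header declares no such directory entry
    offset, size = struct.unpack_from("<II", data, opt + entry)
    # Unlike the other directories, this "VirtualAddress" is a raw file offset.
    return (offset, size) if size else None


def certificate_header(data):
    """Parse the WIN_CERTIFICATE header the security directory points at."""
    loc = security_directory(data)
    if loc is None:
        return None
    offset, _size = loc
    if offset + 8 > len(data):
        return None   # entry present but bytes absent, e.g. a process memory dump
    length, revision, cert_type = struct.unpack_from("<IHH", data, offset)
    return {"length": length, "revision": revision, "type": cert_type,
            "pkcs7": cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA}


def is_authenticode_signed(data):
    """True when a certificate table is declared; says nothing about validity."""
    return security_directory(data) is not None


def build_pe32(cert_offset=0, cert_size=0, overlay=b""):
    """Constructed minimal PE32 image (not a real binary) for the checks above."""
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)                       # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x0102)  # i386, 1 section
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                         # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                           # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + IMAGE_DIRECTORY_ENTRY_SECURITY * 8,
                     cert_offset, cert_size)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + overlay


UNSIGNED = build_pe32()
HEADER_LEN = len(UNSIGNED)
# "Signed" fixture: a WIN_CERTIFICATE header plus placeholder PKCS#7 bytes,
# appended as a file overlay where real signatures live.
CERT_TABLE = struct.pack("<IHH", 8 + 16, 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + b"\x00" * 16
SIGNED = build_pe32(HEADER_LEN, len(CERT_TABLE), CERT_TABLE)

if __name__ == "__main__":
    for name, image in (("unsigned", UNSIGNED), ("signed", SIGNED),
                        ("signed-but-dumped", SIGNED[:HEADER_LEN])):
        print(name, is_authenticode_signed(image), certificate_header(image))
```

Presence of a certificate table is not the same as a valid signature: a real check must parse the PKCS#7 blob and verify it against the image hash and a trusted chain. The table is a file overlay that is not mapped when the image is loaded, so on a process memory dump like the one analysed here the directory entry is readable but the certificate bytes are not; certificate_header returns None for that case.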

Files

  • 1908-87-0x0000000000470000-0x00000000014D2000-memory.dmp
    .exe windows:5 windows x86 arch:x86

