General
-
Target
1928-232-0x0000000000400000-0x0000000000482000-memory.dmp
-
Size
520KB
-
Sample
240522-wyeessbf6x
-
MD5
4942d3297fd6e2868815d9650e1aa726
-
SHA1
528e53beb5e6cb31361a149aff2aea9a2fa76b97
-
SHA256
ab0c7561661b499d905015158c60e02566750c4df4eb156ad911c42e642b3617
-
SHA512
968323cf614597d92b70f5157bcfe7ac0c6bb16f9899a0cb1d52b929c4a83c9b7280535e2dee0a8456a5daefff33bfaf0827b3d9c43b10da1e141a0a65f5c66c
-
SSDEEP
6144:UXIktXfM8Lv86r9uVWAa2je4Z5zl4hgDHQQs4NTQjoHEsAOZZDAXYcPSa5Gv:UX7tPMK8ctGe4Dzl4h2Qnuus/ZDEcv
Behavioral task
behavioral1
Sample
1928-232-0x0000000000400000-0x0000000000482000-memory.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
1928-232-0x0000000000400000-0x0000000000482000-memory.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
remcos
RemoteHost
107.172.31.6:1070
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-5YSTYW
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
Target
1928-232-0x0000000000400000-0x0000000000482000-memory.dmp
-
Score
1/10