General
-
Target
1612-50-0x0000000000E00000-0x0000000001E00000-memory.dmp
-
Size
16.0MB
-
Sample
240527-pqm9eacb6v
-
MD5
12b8d19a31a5394eaa5cfba66cca7323
-
SHA1
a84a63eb9d894e47ffb42684cc9b4ac106bacf05
-
SHA256
034254199dbb58f4184973ee2c0be775406bff98789c5540bf17186376eae89b
-
SHA512
8285148fa8a5f8ebd980fce644803e0bc066b24984d2a5de1ed67a9c41fa52db4f31c73780665f864a14b928705788ef3fad9ca35d00787deeb0cd145002609c
-
SSDEEP
6144:7gJkN3/sI3duVWga2De455TFYBgDnwQs4BwjIH2sAOZZsAXYcJD5GvPvI:7rNPsqccNme4jTFYBWwnns/ZsOcvnI
Behavioral task
behavioral1
Sample
1612-50-0x0000000000E00000-0x0000000001E00000-memory.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
1612-50-0x0000000000E00000-0x0000000001E00000-memory.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
remcos
RemoteHost
fsts.duckdns.org:1985
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
yiuhjg
-
mouse_option
false
-
mutex
Rmc-ZUDCLG
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
1612-50-0x0000000000E00000-0x0000000001E00000-memory.dmp
-
Score
1/10