General
Target: 2136-172-0x0000000000EA0000-0x0000000001EA0000-memory.dmp
Size: 16.0MB
Sample: 240527-qq11yaeb3w
MD5: 44004c722833fc57a7aaa6a468684397
SHA1: c98db25b13dd68a207a66b815f05bc443869678a
SHA256: 81ff125429ab314b3a59e18f249995f13880a54ed23fa9de448fcf664fab1217
SHA512: 1d9fd5b7c576560f4eac581e3375c40fca5243cdb02382df8fe6faa77aa3c0b251b01c5608f9c805c9374f297b8d29ca91a2f9cdf4955f2e0cd77013132a2576
SSDEEP: 12288:RBrfq8KYfTfIOQ5D1zefRS2j3ts/ZkzcvGLcTv:fHKYfTfIOcv2j38ZnTv
Behavioral task: behavioral1
Sample: 2136-172-0x0000000000EA0000-0x0000000001EA0000-memory.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 2136-172-0x0000000000EA0000-0x0000000001EA0000-memory.exe
Resource: win10v2004-20240426-en
Malware Config
Extracted
remcos
RemoteHost: br-remco.is-a-knight.org:57208
audio_folder: MicRecords
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Rmc-MM4UDG
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
take_screenshot_option: false
take_screenshot_time: 5
Targets
Target: 2136-172-0x0000000000EA0000-0x0000000001EA0000-memory.dmp
Score: 1/10