General

  • Target

    ee82b7b58836ca1d52b2ea00259bfe5d991f30ed02ef308e0d75ba14f5c1dadc.exe

  • Size

    440KB

  • MD5

    afd6742f422fea043fee8597f23782e5

  • SHA1

    a07d265730836f7ca07a517b4c893aad12445272

  • SHA256

    ee82b7b58836ca1d52b2ea00259bfe5d991f30ed02ef308e0d75ba14f5c1dadc

  • SHA512

    7020e789ce7c82bb19a0c6f1202ab5a7d5d39db8909f6f68c48e0479cafc47f088e449b7595cc9c1f03225bf202ea2aeca99ed6b1b97f0b927a90f990b5b9155

  • SSDEEP

    6144:ah3o/YBjBU/gwxsTUXMynom2G0mCNqAUWLs6LQectYSgSiAOZZ41XklMcUi:ahmYB7wWTiMPmtsNqv2sKQglT/Z4uld

Score
10/10

Malware Config

Extracted

Family

remcos

Version

3.1.3 Pro

Botnet

RemoteHost

C2

duck50501.hopto.org:50501

Attributes
  • audio_folder

    MicRecords

  • audio_path

    %AppData%

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • install_path

    %AppData%

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • keylog_path

    %AppData%

  • mouse_option

    false

  • mutex

    Remcos-QZ529O

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • startup_value

    Remcos

  • take_screenshot_option

    false

  • take_screenshot_time

    5

  • take_screenshot_title

    notepad;solitaire;

Signatures

  • Remcos family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • ee82b7b58836ca1d52b2ea00259bfe5d991f30ed02ef308e0d75ba14f5c1dadc.exe
    .exe windows:5 windows x86 arch:x86

    409f5d6d64eccf1b9873a7c796c3f1ad


    Headers

    Imports

    Sections