General

  • Target

    2504-46-0x0000000000450000-0x00000000014B2000-memory.dmp

  • Size

    16.4MB

  • MD5

    4e16262f7aad82de793fc9c1cd04a10d

  • SHA1

    6312a9a8a7b32c4aacc52c2706f199ca986be0c4

  • SHA256

    1b893487a91fb40d4c2637cdc5add4d85eb9385dbe17021d52a8daf8eb507466

  • SHA512

    0753d1eee4225f0a1e4a279b3406d1a60f0b3ffd7bb4bb713d8b8651b75a119727adbe448bdc449c491ac972e6bf97da48586cf2596a8f0bba54d0581e11111b

  • SSDEEP

    12288:lC92223nX58sjgAksa9Gxdjzrxs/ZVlcv:s92XX58sjgkdvrwZ

Score
10/10

Malware Config

Extracted

  • Family

    remcos

  • Botnet

    CLIENT

  • C2

    107.150.18.202:2404

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    Rmc-J3QQTH

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Signatures

  • Remcos family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2504-46-0x0000000000450000-0x00000000014B2000-memory.dmp
    .exe windows:5 windows x86 arch:x86
