General

  • Target

    7dba26d2529748088ba90c7c3b0d374649ac3b2efb2380608b7b5f012993f82a.exe

  • Size

    482KB

  • MD5

    f055c74729b56c8a7147af1ef0526932

  • SHA1

    8b85b9046049f7c0e8b93b0ba2b9351e58a07f98

  • SHA256

    7dba26d2529748088ba90c7c3b0d374649ac3b2efb2380608b7b5f012993f82a

  • SHA512

    6dc43afa3828e58d808fd792b639de7c96a12991f7336bb755ab22361b7dcc3f931f45988f3cdfba5db84928a61e3df2db53d95802fa6c333ff84d16570c4638

  • SSDEEP

    6144:bTz+c6KHYBhDc1RGJdv//NkUn+N5Bkf/0TELRvIZPjbsAOZZmAX4crCT4:bTlrYw1RUh3NFn+N5WfIQIjbs/ZmNT4

Score
10/10

Malware Config

Extracted

Family

remcos

Botnet

NedDay

C2

212.162.149.163:2404

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    1210

  • mouse_option

    false

  • mutex

    Rmc-52K54M

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Signatures

  • Remcos family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 7dba26d2529748088ba90c7c3b0d374649ac3b2efb2380608b7b5f012993f82a.exe
    .exe windows:5 windows x86 arch:x86

    1389569a3a39186f3eb453b501cfe688


    Headers

    Imports

    Sections

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.