General

  • Target

    4348-28-0x0000000000400000-0x0000000000482000-memory.dmp

  • Size

    520KB

  • Sample

    241101-v5t86atbmg

  • MD5

    ec2ee8344ad6debd41cb7d9c16671300

  • SHA1

    9657805b3b031b27e8a898d324c3253f81353986

  • SHA256

    41ed152f5114e196df5a316a8292110c0dfce2d312c732d247ff0a2821b86611

  • SHA512

    87615a85cad1b4dd6f59d4f7ca31c7b84cb94ed175ce2c8f224d0a2c7f21dda1983f78662f3b1c17124aae2a9735e9e7bb4eafde824e9791adaf931513f451a4

  • SSDEEP

    6144:SXIktXfM8Lv86r9uVWAa2je4Z5zl4hgDHQQs4NTQjoHRsAOZZsAX4cGY5Gv:SX7tPMK8ctGe4Dzl4h2Qnuns/Zs8cv

  • Score

    10/10

Malware Config

Extracted

  • Family

    remcos

  • Botnet

    RemoteHost

  • C2

    107.173.4.16:8787

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    Rmc-KZRQJH

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Targets

    • Target

      4348-28-0x0000000000400000-0x0000000000482000-memory.dmp

    • Score

      1/10
