General
-
Target
3836-62-0x0000000000E00000-0x0000000002054000-memory.dmp
-
Size
18.3MB
-
Sample
241104-hvrdaswlhy
-
MD5
955bcda8253ba682a41b2d23d8d2e907
-
SHA1
c7651cbc8b1b29a68149eea5817a957ca1190535
-
SHA256
4bb23adba590c693c95c57aaef0200035e9175491d070fd13d337e0896986106
-
SHA512
60a84df3b02a5b16907d8ecb1bf727741f88068844a946d24592bf7b2d77210c49ee92d008cea7c71fb26aabdcd10afedc28f05d98f62be11fd63062aab74e75
-
SSDEEP
12288:narA9A0kNoGBYYv4+qVXRBH5xtIsvZDyt+DY:arA9A/NoEYsuH5xtDZ+s
Behavioral task
behavioral1
Sample
3836-62-0x0000000000E00000-0x0000000002054000-memory.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
3836-62-0x0000000000E00000-0x0000000002054000-memory.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
remcos
RemoteHost
ris4sts8yan0i.duckdns.org:23458
-
audio_folder
MicRecords
-
audio_path
ApplicationPath
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
true
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-LAZAF7
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
Target
3836-62-0x0000000000E00000-0x0000000002054000-memory.dmp
-
Score
1/10