General
-
Target
3744-63-0x0000000000CA0000-0x0000000001EF4000-memory.dmp
-
Size
18.3MB
-
Sample
241106-tj9w2swjbl
-
MD5
848a204af67e1ba12f6449c3929de35e
-
SHA1
5cf74629d9d0e1552b91875e9e9d667c436d08ba
-
SHA256
3a14e25b432d75914e1c0348d64363252c8fe8409cf027c121cafb0e93e84ac0
-
SHA512
b8e205db0760552a161da5542121b51d4afd26e246d1a5beea42020915f94530181b2c1967958aa0f8c8ad62b884265a1521b91549038334acce6afb591bb42b
-
SSDEEP
12288:/K1o9oe9w66OGhYgvwo0rd7/5wA8CFwYsvZz8L+DY:S1o9oB66OgYUO5wAV0Z2s
Behavioral task
behavioral1
Sample
3744-63-0x0000000000CA0000-0x0000000001EF4000-memory.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
3744-63-0x0000000000CA0000-0x0000000001EF4000-memory.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
remcos
RemoteHost
a458386d9.duckdns.org:3256
-
audio_folder
MicRecords
-
audio_path
ApplicationPath
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
true
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-4EN793
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
3744-63-0x0000000000CA0000-0x0000000001EF4000-memory.dmp
-
Size
18.3MB
-
MD5
848a204af67e1ba12f6449c3929de35e
-
SHA1
5cf74629d9d0e1552b91875e9e9d667c436d08ba
-
SHA256
3a14e25b432d75914e1c0348d64363252c8fe8409cf027c121cafb0e93e84ac0
-
SHA512
b8e205db0760552a161da5542121b51d4afd26e246d1a5beea42020915f94530181b2c1967958aa0f8c8ad62b884265a1521b91549038334acce6afb591bb42b
-
SSDEEP
12288:/K1o9oe9w66OGhYgvwo0rd7/5wA8CFwYsvZz8L+DY:S1o9oB66OgYUO5wAV0Z2s
Score 1/10 -