General
-
Target
3652-4-0x0000000000400000-0x000000000047F000-memory.dmp
-
Size
508KB
-
MD5
bec1282397df52237bc4685bceda5e51
-
SHA1
a089adad9e14a5f4128c4dac6e48e989240241ee
-
SHA256
4b7026faaeb59bd8f0be89d786b39cb91dbe6a3d560f85ccd926a28caf558066
-
SHA512
829aad22a47c49df5edca90fb9417403d6115bf606d873b0d962a91ac2cf5da141620e77c319a964a8ff94c5738ec1a5d245eefd592d3cb5da2426c7085ab939
-
SSDEEP
12288:VuD09AUkNIGBYYv4eK13x13nZHSRVMf139F5wIB7+IwtHwBtVxbesvZDS9+DY:409AfNIEYsunZvZ19ZKs
Score
10/10
Malware Config
Extracted
Family
remcos
Botnet
RemoteHost
C2
www.ogc-oman.com:2404
Attributes
-
audio_folder
MicRecords
-
audio_path
ApplicationPath
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcthfufn
-
mouse_option
false
-
mutex
Rmc-KCC3QZ
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Signatures
-
Remcos family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
3652-4-0x0000000000400000-0x000000000047F000-memory.dmp
Headers
Sections