remcos | 98abd7f84c22e3099ec7082adc2a9737ee22ba7b17c2405b721eda08682f0a9f | Triage

Sharing

General

Target

2268-573-0x0000000000470000-0x00000000014D2000-memory.dmp
Size

16.4MB
Sample

241107-nc1f5s1elf
MD5

3094a3dfcd445188473b4eb695f4dda7
SHA1

1b4a99a6c2efa9c78fbb7de745d76ad3ae0a1490
SHA256

98abd7f84c22e3099ec7082adc2a9737ee22ba7b17c2405b721eda08682f0a9f
SHA512

1dc636990662ad25a5110a6c63f5121f1674f51a448d1fb0111a5cb2cf7c975fcccc6670966b854fe55ce883e57147dee618944578318db0ff08318e4a6a451c
SSDEEP

12288:VORdsp0DnGZYWvGpLcY8AYgLjGjsvZjBj+DY:cRdsODnkYu+YgLjnZZs

Score

10^/10

remcos reborn

Malware Config

Extracted

Family

remcos

Botnet

ReBorn

C2

gerfourt99lahjou2.duckdns.org:3487

gerfourt99lahjou2.duckdns.org:3488

gerfourt99lahjou3.duckdns.org:3487

Attributes

audio_folder
MicRecords
audio_path
ApplicationPath
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
true
install_flag
false
keylog_crypt
false
keylog_file
ksaourts.dat
keylog_flag
false
keylog_path
%AppData%
mouse_option
false
mutex
ksajoutr-WG0CPT
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  2268-573-0x0000000000470000-0x00000000014D2000-memory.dmp
- Size
  
  16.4MB
- MD5
  
  3094a3dfcd445188473b4eb695f4dda7
- SHA1
  
  1b4a99a6c2efa9c78fbb7de745d76ad3ae0a1490
- SHA256
  
  98abd7f84c22e3099ec7082adc2a9737ee22ba7b17c2405b721eda08682f0a9f
- SHA512
  
  1dc636990662ad25a5110a6c63f5121f1674f51a448d1fb0111a5cb2cf7c975fcccc6670966b854fe55ce883e57147dee618944578318db0ff08318e4a6a451c
- SSDEEP
  
  12288:VORdsp0DnGZYWvGpLcY8AYgLjGjsvZjBj+DY:cRdsODnkYu+YgLjnZZs
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2