remcos | 35604053d8089cb917f9ae3986edd6e119c2de531be97f98ea75b9b6fe18b977 | Triage

Sharing

General

Target

1908-21-0x0000000000400000-0x000000000047F000-memory.dmp
Size

508KB
Sample

241114-j63q5svqdy
MD5

6077d712645f1f1edfa8d8b9331ba6c4
SHA1

20feb9d5697af813434d207b25808b982e91bb84
SHA256

35604053d8089cb917f9ae3986edd6e119c2de531be97f98ea75b9b6fe18b977
SHA512

7c02fbd631dd5130f4779dc9d94049f3c685bd1c996e68dc8b5f517860c99a2115028765015e9bd95db2606c894d70b87cb26462512994f9fb75b7153b0b4850
SSDEEP

12288:buD09AUkNIGBYYv4eK13x13nZHSRVMf139F5wIB7+IwtHwBtVxbesvZDS:e09AfNIEYsunZvZ19Z

Score

10^/10

remcos gasplant

Malware Config

Extracted

Family

remcos

Botnet

GASPLANT

C2

dotatech.de:30908

Attributes

audio_folder
MicRecords
audio_path
ApplicationPath
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
chrome-SYTYBI
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  1908-21-0x0000000000400000-0x000000000047F000-memory.dmp
- Size
  
  508KB
- MD5
  
  6077d712645f1f1edfa8d8b9331ba6c4
- SHA1
  
  20feb9d5697af813434d207b25808b982e91bb84
- SHA256
  
  35604053d8089cb917f9ae3986edd6e119c2de531be97f98ea75b9b6fe18b977
- SHA512
  
  7c02fbd631dd5130f4779dc9d94049f3c685bd1c996e68dc8b5f517860c99a2115028765015e9bd95db2606c894d70b87cb26462512994f9fb75b7153b0b4850
- SSDEEP
  
  12288:buD09AUkNIGBYYv4eK13x13nZHSRVMf139F5wIB7+IwtHwBtVxbesvZDS:e09AfNIEYsunZvZ19Z
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2