Overview

overview

10

Static

static

10

2852-21-0x...ry.exe

windows7-x64

2852-21-0x...ry.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2852-21-0x0000000000400000-0x000000000047F000-memory.dmp

  • Size

    508KB

  • MD5

    192002afe7dd6527527d86e2d022260c

  • SHA1

    7a0f2476bf094950e0b78d4ac9045cfcdf924e96

  • SHA256

    f771641d111f6fd91d48ff5e98fe39ce12ab7ea0cf72d1481e3691fdedbc24e8

  • SHA512

    de8a16d19c673a87c6dd4156b04e52aebc37e49d5314a71b7d87c480026ab3f4ae9b633b723ccafbe0a059f697e9cbc2b7baeceef50aea2ac5e8b58fbf743851

  • SSDEEP

    12288:Obmnk7iLJbpIpiRL6I2W9KQ9ZsfZQSDn9:uiLJbpI7I2W/qZ7D9

Score
10/10
hostremcos

Malware Config

Extracted

Family

remcos

Botnet

Host

C2

oyo.work.gd:3142

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    vlc

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    true

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    pdf

  • mouse_option

    false

  • mutex

    jkm-I9KENP

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • startup_value

    ios

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Signatures

  • Remcos family
    remcos
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2852-21-0x0000000000400000-0x000000000047F000-memory.dmp
    .exe windows:5 windows x86 arch:x86


    Headers

    Sections