General
-
Target
1732896907b22f994045698de3f6fe53bd4af19a163513106f97e2dc0ed6fccc6c69941a94544.dat-decoded.exe
-
Size
483KB
-
Sample
241129-twgq2azlap
-
MD5
cb32d88e0b49d1db4622373001e2d753
-
SHA1
bd81a5636f7c35ad2a3a5207320dc6f8486f310d
-
SHA256
b1ca571f365a1bbb855d967b78109d6744f79c21f7d81729091a1ba2ea6cda39
-
SHA512
25a10f0628b3510c7149f63397bdf889fd768df8bb1f60547d00223c0dcf56b489cbcd5e4b863846bc8f0be8c3fe1865bb5972e75fdb1b7d66d9cab7401730c7
-
SSDEEP
6144:cXIktXfM8Lv86r9uVWAa2je4Z5zl4hgDHQQs4NTQjoHFsAOZZsAX4cNf5Gv:cX7tPMK8ctGe4Dzl4h2QnuPs/ZsScv
Malware Config
Extracted
remcos
RemoteHost
rem0324.duckdns.org:1213
-
audio_folder
MicRecords
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-WGH0X6
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
1732896907b22f994045698de3f6fe53bd4af19a163513106f97e2dc0ed6fccc6c69941a94544.dat-decoded.exe
-
Size
483KB
-
MD5
cb32d88e0b49d1db4622373001e2d753
-
SHA1
bd81a5636f7c35ad2a3a5207320dc6f8486f310d
-
SHA256
b1ca571f365a1bbb855d967b78109d6744f79c21f7d81729091a1ba2ea6cda39
-
SHA512
25a10f0628b3510c7149f63397bdf889fd768df8bb1f60547d00223c0dcf56b489cbcd5e4b863846bc8f0be8c3fe1865bb5972e75fdb1b7d66d9cab7401730c7
-
SSDEEP
6144:cXIktXfM8Lv86r9uVWAa2je4Z5zl4hgDHQQs4NTQjoHFsAOZZsAX4cNf5Gv:cX7tPMK8ctGe4Dzl4h2QnuPs/ZsScv
Score3/10 -