General
Target: 2508-582-0x0000000000480000-0x00000000014E2000-memory.dmp
Size: 16.4MB
Sample: 241216-sxykhatndz
MD5: af6a47fa61488f6299d842e310d2226b
SHA1: f9de3a8f92ccf5a9c451a95d99cfd73e522fec4e
SHA256: a6ac4f4fa4027b27dc40409e16ad4357d9dc1227de72f6a1f8dd657b5118b94d
SHA512: 39610eb9572048e775146e5fabb4bd1c5871c2d6fa373a952a3a72fd5477baac89429918dc0b805399aaf524c5a962582f0ba3346642e6b6379a8f5b8c89638b
SSDEEP: 12288:LKlOtfY8ktQGmWAXqJYIv4GidvJpfReyWQH+svZomql+DY:e8tgHtQnWAXCY8OfReyWQ9ZCs
Behavioral task: behavioral1
Sample: 2508-582-0x0000000000480000-0x00000000014E2000-memory.exe
Resource: win7-20241010-en
Behavioral task: behavioral2
Sample: 2508-582-0x0000000000480000-0x00000000014E2000-memory.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
remcos
RemoteHost
162.251.122.87:2404
audio_folder: MicRecords
audio_path: ApplicationPath
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
mouse_option: false
mutex: Rmc-UOMZ21
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
take_screenshot_option: false
take_screenshot_time: 5
Targets
Target: 2508-582-0x0000000000480000-0x00000000014E2000-memory.dmp
Score: 1/10