General
-
Target
ae9384f6fc3fea2276f6897e910a5d5b7a3ad995420363788815e0754ff9469f
-
Size
429KB
-
MD5
f20d14ea889df6490d81db79d57a9b19
-
SHA1
c9654e2a5e67205c4a7e3cac67676246bd9735f7
-
SHA256
ae9384f6fc3fea2276f6897e910a5d5b7a3ad995420363788815e0754ff9469f
-
SHA512
5c251039426f083a7480c7bfb6339a017979fca5ad0ea318fc7e9da23a74a58729c916d300759733343c6e48c8009fb48b46c744b94ef3b0048e09cb204779df
-
SSDEEP
6144:H+d2+U+8RRJorR7zu6tF9x46YGg83lgnbJHZFXUU01yC5wJ/3AO2HyXGcKcOlLuf:H+d3UGddn4F83l0JjXUU0kXAHTcALuf
Score
10/10
Malware Config
Extracted
Family
remcos
Version
5.3.0 Light
Botnet
Prueba
C2
192.168.10.1:2404
Attributes
-
audio_folder
MicRecords
-
audio_path
ApplicationPath
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
registros.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-7OXI1T
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Capturas de pantalla
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Signatures
-
Remcos family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
ae9384f6fc3fea2276f6897e910a5d5b7a3ad995420363788815e0754ff9469f
6e326715b064080305ea2c7299a1a146
Headers
Imports
Sections