General
-
Target
2684-22-0x0000000000400000-0x000000000047F000-memory.dmp
-
Size
508KB
-
Sample
250109-s2944atkez
-
MD5
f095a489323f731c9a7205547c4ef2cb
-
SHA1
a5a3bc508a60d1934a6a61da8c95fe27d0fd7dc7
-
SHA256
db2baf662ea73f1220f6c353868dce9bf36b2973ca858ecef8d6b8eb5246184e
-
SHA512
66bcfa53571d4e7eedf4847e97b076e93c98dd9e8d344d049eb5ce6627258cff0618f156e2f2bc7226d3b87b654548dedf87282190df156dbb11cb4c52097a23
-
SSDEEP
12288:b9PgP3HAMwIGjY4vce6lnBthn5HSRVMf139F5woxr+IwtHwBtFhCsvZD5Y+P32:J43HfwIGYMcn5PJrZW+
Behavioral task
behavioral1
Sample
2684-22-0x0000000000400000-0x000000000047F000-memory.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
2684-22-0x0000000000400000-0x000000000047F000-memory.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
remcos
RemcoHost
31.13.224.237:2404
-
audio_folder
MicRecords
-
audio_path
ApplicationPath
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-VETI36
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
Target
2684-22-0x0000000000400000-0x000000000047F000-memory.dmp
-
Score 1/10