General
-
Target
2025-04-04_f2649720c21512ffddbcbef4331ba8f1_amadey_black-basta_cobalt-strike_luca-stealer_remcos
-
Size
487KB
-
Sample
250404-gt8era1wft
-
MD5
f2649720c21512ffddbcbef4331ba8f1
-
SHA1
ac7cabd38bbd3680c14c1428f0f82cb696b6fea9
-
SHA256
2b60f09ca9aa1e3772a621d2dd2ec07a6357a05d12b0490a4c8850c1ac4fbf17
-
SHA512
a154d97bcf8a6a875dccd7f56e2734db3c764ace912aba5b487c273afeec25264b125dc13be9340c82d59bd75648809554426f7c19896a97c676a1c2a5d81e12
-
SSDEEP
6144:iIlSCa0RPvRz+n8Qr1D0ZGESuHabmvHOE4mCp6qtydBnP+Y4+3sAORZ/FXvXc6wJ:i200OFp+G0imvHn3Cp6qyBP+YdsvZ/m
Behavioral task
behavioral1
Sample
2025-04-04_f2649720c21512ffddbcbef4331ba8f1_amadey_black-basta_cobalt-strike_luca-stealer_remcos.exe
Resource
win10v2004-20250314-en
Malware Config
Extracted
remcos
RemoteHost
johngavin2311860.ddns.net:7276
-
audio_folder
MicRecords
-
audio_path
ApplicationPath
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
mouse_option
false
-
mutex
Rmc-XT3I28
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
Target
2025-04-04_f2649720c21512ffddbcbef4331ba8f1_amadey_black-basta_cobalt-strike_luca-stealer_remcos
-
Score
3/10