remcos | f657473052da6d9435ef7604646a7d027b1252ae6860a4a3bab7e791c5e41913 | Triage

Sharing

General

Target

2af952280c0ec3723136cfdf195a0e4f
Size

831KB
Sample

210915-hqya2saad3
MD5

2af952280c0ec3723136cfdf195a0e4f
SHA1

215ef3b73bc9221a84959681895f2dac9e18dad8
SHA256

f657473052da6d9435ef7604646a7d027b1252ae6860a4a3bab7e791c5e41913
SHA512

ae9becd575721846649a7323c35938ccf13489e338413113e26d8336b6da6eaa2d26f911ff18d8a47addd43381b187423d4dbc66b4d3a010290d8840f650ef9d

Score

10^/10

remcos sys32 rat

Malware Config

Extracted

Family

remcos

Version

3.2.0 Pro

Botnet

Sys32

C2

135.181.140.182:4783

Attributes

audio_folder
MicRecords
audio_path
%AppData%
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
true
install_flag
false
install_path
%AppData%
keylog_crypt
true
keylog_file
logs.dat
keylog_flag
false
keylog_folder
Logs
keylog_path
%AppData%
mouse_option
false
mutex
SYS32-S57R8C
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
Remcos
take_screenshot_option
false
take_screenshot_time
5
take_screenshot_title
notepad;solitaire;

Targets

- Target
  
  2af952280c0ec3723136cfdf195a0e4f
- Size
  
  831KB
- MD5
  
  2af952280c0ec3723136cfdf195a0e4f
- SHA1
  
  215ef3b73bc9221a84959681895f2dac9e18dad8
- SHA256
  
  f657473052da6d9435ef7604646a7d027b1252ae6860a4a3bab7e791c5e41913
- SHA512
  
  ae9becd575721846649a7323c35938ccf13489e338413113e26d8336b6da6eaa2d26f911ff18d8a47addd43381b187423d4dbc66b4d3a010290d8840f650ef9d
Score

10^/10

remcos sys32 rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2