remcos | 656798de9a312f93d3865a35750fc46e8fb382054c32dcdab85d9f49d2801bab | Triage

Sharing

General

Target

SPECIFICATIONS DOCS 2021.20.10.rar
Size

649KB
Sample

211021-anb12aafak
MD5

69cc13463c8567ec19852dacc6dfeba8
SHA1

161516cc818212c285d5873daec54b60e5c03d26
SHA256

656798de9a312f93d3865a35750fc46e8fb382054c32dcdab85d9f49d2801bab
SHA512

0db0ffef63849ede7cb3b95efcf7290e9c5ced05c206fd53979ebc67c6911ca15df445a94c462ad1c0ca47f9238d4bac23317d19262ba1b692081d969eda68e6

Score

10^/10

remcos servers rat

Malware Config

Extracted

Family

remcos

Version

3.1.4 Pro

Botnet

servers

C2

kashbilly2.ddns.net:6060

Attributes

audio_folder
MicRecords
audio_path
%AppData%
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
install_path
%AppData%
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
keylog_path
%AppData%
mouse_option
false
mutex
Remcos-XI8GX1
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
Remcos
take_screenshot_option
false
take_screenshot_time
5
take_screenshot_title
notepad;solitaire;

Targets

- Target
  
  SPECIFICATIONS DOCS 2021.20.10.exe
- Size
  
  706KB
- MD5
  
  d3f5cc4888e982cef9efbce21c381960
- SHA1
  
  27232e77ad11ba1797d4ef7aa966cb31bdef7cbe
- SHA256
  
  54d9e04a23e8117c940b8e6e46335aec76138fe38bc6423207ef98223516a0f9
- SHA512
  
  8107ddfce14d3e4c38e64f18ce5ba8cb35dc1e5e6299928d345076ed94a4d99117f93941393aec99977f281ac56894a75d7c1925934c2cd7d984d5afe4a106c2
Score

10^/10

remcos servers rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

remcosserversrat

behavioral2

remcosserversrat