Overview

overview

10

Static

static

1

RQKH087654...65.exe

windows7_x64

10

RQKH087654...65.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RQKH08765434560780098765.XZ

  • Size

    244KB

  • Sample

    211022-eh157abba7

  • MD5

    2449ec30ddbb33dfb6d6dc95e24eab41

  • SHA1

    8150a54e8e7a797764e0ed341e2d939f83789f7b

  • SHA256

    0cc48aff53488b65a76db7c4c4cb517865dfe121fee9b347462463ea4ba8870b

  • SHA512

    7cc40317431e9802b8406bf535b8cc9feaa1b032a827a4681f8f066e10856a629b7f02ade0ce2a225307a583dd318bb15ca9cde65716b0df23fa51c5b2e47f1c

Score
10/10
remcoshostrat

Malware Config

Extracted

Family

remcos

Version

1.7 Pro

Botnet

Host

C2

185.222.57.90:8780

Attributes
  • audio_folder

    audio

  • audio_path

    %AppData%

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    5

  • copy_file

    remcos.exe

  • copy_folder

    remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • install_path

    %AppData%

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • keylog_path

    %AppData%

  • mouse_option

    false

  • mutex

    remcos_rllxnwmcxxgutsl

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screens

  • screenshot_path

    %AppData%

  • screenshot_time

    1

  • startup_value

    remcos

  • take_screenshot_option

    false

  • take_screenshot_time

    5

  • take_screenshot_title

Targets

    • Target

      RQKH08765434560780098765.exe

    • Size

      405KB

    • MD5

      d24341052b9c2846ce4ded275ca8945c

    • SHA1

      1b17684788b42c5bd981750d49b13d64cdc8e90a

    • SHA256

      831e7dcf43daa00beb78eb3d0afc5d67fed17aaecb04eb1e7267295d648acb8e

    • SHA512

      df87ed0e9164ee4d348ad79af48e31d513deb5f7ebc67c7a5e8f61b0c577d2bfc2ad80f63bd9cdf537846a3d296268db22fde81aa5e2e187d47dc54c0733f7a7

    Score
    10/10
    remcoshostrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks