remcos | 40c6b25dd6c033fde6d303ee582875d841aa8512b687cc44239c9a3b02442b6b | Triage

Submit
Reports

Overview

overview

Static

static

STATEMENT ...NT.exe

windows7_x64

STATEMENT ...NT.exe

windows10_x64

Sharing

General

Target

STATEMENT OF ACCOUNT.exe
Size

597KB
Sample

211102-qwk7nscfe6
MD5

21bd99d63b9cd76385e029c259d1b152
SHA1

5dcee9b26fb55110b93debeaf3ca18c43b342aea
SHA256

40c6b25dd6c033fde6d303ee582875d841aa8512b687cc44239c9a3b02442b6b
SHA512

58ddce73c5a36a48f345d5cc68c0620e44688184e7b70caca72ee634a6285b762174e43228f324f5ccca04f26f89cd5ffc0449368634a52b3f3b1416a92de9de

Score

10^/10

remcos remcos microsoft evasion phishing rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

STATEMENT OF ACCOUNT.exe

Resource

win7-en-20210920

remcos remcos microsoft evasion phishing rat trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

STATEMENT OF ACCOUNT.exe

Resource

win10-en-20210920

remcos remcos microsoft evasion phishing rat trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

remcos

Version

3.3.0 Pro

Botnet

Remcos

C2

172.111.153.167:2404

Attributes

audio_folder
MicRecords
audio_path
%AppData%
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
luck.exe
copy_folder
luck
delete_file
false
hide_file
false
hide_keylog_file
true
install_flag
false
install_path
%WinDir%\System32
keylog_crypt
true
keylog_file
logs.dat
keylog_flag
false
keylog_folder
JRE
keylog_path
%AppData%
mouse_option
false
mutex
Remcos-HORXKI
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
take_screenshot_option
false
take_screenshot_time
5
take_screenshot_title
notepad;solitaire;

Targets

- Target
  
  STATEMENT OF ACCOUNT.exe
- Size
  
  597KB
- MD5
  
  21bd99d63b9cd76385e029c259d1b152
- SHA1
  
  5dcee9b26fb55110b93debeaf3ca18c43b342aea
- SHA256
  
  40c6b25dd6c033fde6d303ee582875d841aa8512b687cc44239c9a3b02442b6b
- SHA512
  
  58ddce73c5a36a48f345d5cc68c0620e44688184e7b70caca72ee634a6285b762174e43228f324f5ccca04f26f89cd5ffc0449368634a52b3f3b1416a92de9de
Score

10^/10

remcos remcos microsoft evasion phishing rat trojan upx
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- UAC bypass
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

remcosremcosmicrosoftevasionphishingrattrojanupx

behavioral2

remcosremcosmicrosoftevasionphishingrattrojanupx

© 2018-2024

Terms | Privacy