remcos | c50fdedeb99bd961d5a358311df95cd862025c196e7ca0c7f8baf5e05ece5819 | Triage

Sharing

General

Target

400000.RegSvcs
Size

459KB
Sample

211118-qec5qsdbak
MD5

3d9c6effc5e8e312f9e9109b7e2caf40
SHA1

d26e1fa6c5fc61d900b178a3de65ba0e547837f1
SHA256

c50fdedeb99bd961d5a358311df95cd862025c196e7ca0c7f8baf5e05ece5819
SHA512

cb0a4d3ff70b5194fe820d068f01f0ea6264ef578234f8a07abac114d83e16d6c5fc00e94071f546d8df03586ca1784e4c9700bb4f9c762c1d80560423185fc2

Score

10^/10

remcos sys32

Malware Config

Extracted

Family

remcos

Version

3.3.0 Pro

Botnet

Sys32

C2

65.21.127.164:4783

Attributes

audio_folder
MicRecords
audio_path
%AppData%
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
true
install_flag
false
install_path
%AppData%
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
Logs
keylog_path
%AppData%
mouse_option
false
mutex
Sys32-DRYO8T
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
Remcos
take_screenshot_option
false
take_screenshot_time
5
take_screenshot_title
notepad;solitaire;

Targets

- Target
  
  400000.RegSvcs
- Size
  
  459KB
- MD5
  
  3d9c6effc5e8e312f9e9109b7e2caf40
- SHA1
  
  d26e1fa6c5fc61d900b178a3de65ba0e547837f1
- SHA256
  
  c50fdedeb99bd961d5a358311df95cd862025c196e7ca0c7f8baf5e05ece5819
- SHA512
  
  cb0a4d3ff70b5194fe820d068f01f0ea6264ef578234f8a07abac114d83e16d6c5fc00e94071f546d8df03586ca1784e4c9700bb4f9c762c1d80560423185fc2
Score

3^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2