remcos | 0601a48107f6ecb6cb579438545ca53f41fc658e454170aa210cbf8ca4859e73 | Triage

Sharing

General

Target

64435d2876fa2446f1c84647450355fb.exe
Size

463KB
Sample

220119-s2ggsabbbn
MD5

64435d2876fa2446f1c84647450355fb
SHA1

0a0cf7d11dea54534a2df4cd6cca980b862ae9af
SHA256

0601a48107f6ecb6cb579438545ca53f41fc658e454170aa210cbf8ca4859e73
SHA512

992cd8f5496e574b0d15f76ee12608fbafedc2447ce16e2ba214f174b96a2f6231b9d84db9df61665e03dfeebb60c5039727f72ec6714d6a41eba8af122d7c88

Score

10^/10

remcos test rat

Malware Config

Extracted

Family

remcos

Version

3.3.2 Pro

Botnet

test

C2

dynasty1.ddns.net:2404

dynasty2.ddns.net:2404

dynasty3.ddns.net:2404

sumav1.hopto.org:2404

sumav2.hopto.org:2404

sumag.hopto.org:2404

Attributes

audio_folder
MicRecords
audio_path
%AppData%
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
install_path
%AppData%
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
keylog_path
%AppData%
mouse_option
false
mutex
hkdsbdbcjdgdsgsbsbsh-Z4G1UT
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
Remcos
take_screenshot_option
false
take_screenshot_time
5
take_screenshot_title
wikipedia;solitaire;

Targets

- Target
  
  64435d2876fa2446f1c84647450355fb.exe
- Size
  
  463KB
- MD5
  
  64435d2876fa2446f1c84647450355fb
- SHA1
  
  0a0cf7d11dea54534a2df4cd6cca980b862ae9af
- SHA256
  
  0601a48107f6ecb6cb579438545ca53f41fc658e454170aa210cbf8ca4859e73
- SHA512
  
  992cd8f5496e574b0d15f76ee12608fbafedc2447ce16e2ba214f174b96a2f6231b9d84db9df61665e03dfeebb60c5039727f72ec6714d6a41eba8af122d7c88
Score

10^/10

remcos rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2