General

  • Target

    leetµµ.7z

  • Size

    97KB

  • Sample

    220123-tvtzzagbh7

  • MD5

    35087bf0ef0ea4bbb83adee67f265f41

  • SHA1

    9d5effbea631b178cb691be3087133cae06ff30c

  • SHA256

    7945af6330f9db4cc74c1ec96949eb3e4f934f1283c1db38c639035cd91c6047

  • SHA512

    89ef0e456634187a4ff2482213d618ba79c41836a30e3379352980eb742744b0b95309e49a5092406ca14166d9306a1f5289cf62eb3ea99d5cf8ad0ac98f16e2

Score
10/10

Malware Config

Extracted

Family

remcos

Version

1.9.2 Pro

Botnet

MXSV

C2

casillas.hicam.net:2404

casillasmx.chickenkiller.com:2404

casillas45.hopto.org:2404

casillas.libfoobar.so:2404

du4alr0ute.sendsmtp.com:2404

Attributes

  • audio_folder

    audio

  • audio_path

    %AppData%

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    5

  • copy_file

    remcos.exe

  • copy_folder

    remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • install_path

    %AppData%

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • keylog_path

    %AppData%

  • mouse_option

    false

  • mutex

    rem92-P9KLDM

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    1

  • startup_value

    remcos

  • take_screenshot_option

    false

  • take_screenshot_time

    5

  • take_screenshot_title

Targets

    • Target

      039308d47114c1bc4976d88869edf65d7f0658cb11a9eca534123578219b8c6c

    • Size

      140KB

    • MD5

      c756a2338f5a176d3980852b6314dc7e

    • SHA1

      a2d3e69abc628a43c02e7538d31023d3138fd0bd

    • SHA256

      039308d47114c1bc4976d88869edf65d7f0658cb11a9eca534123578219b8c6c

    • SHA512

      336d2a871149d487de7c2fc9887ff381305076caaed6865cf313fe69c694b57ca9872f74dde137a345563ab7ec00f93ad3643e40298cb17f74059182a935ace0

    Score
    10/10
    • Remcos

      Remcos is a closed-source remote control and surveillance software.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    • Query Registry (T1012): 1

    • Peripheral Device Discovery (T1120): 1

    • System Information Discovery (T1082): 1

Tasks