remcos | f991fbe11f9f6ef4d84cc34821df38a163ea08d4aeb4a0fad8202627d8267785 | Triage

Sharing

General

Target

f991fbe11f9f6ef4d84cc34821df38a163ea08d4aeb4a0fad8202627d8267785
Size

299KB
Sample

220521-n44ymshgdr
MD5

083a443c2acdd8191fee1a1db65a820f
SHA1

3eda27ea31a22f57fce6e8f22b665f2f912378db
SHA256

f991fbe11f9f6ef4d84cc34821df38a163ea08d4aeb4a0fad8202627d8267785
SHA512

1360a203e0f0da5cb4f9caf880760eb99f652aae128c02967cdd5d0084be340f7f43ba4bf28c00bb230b4766d92eadbb4c920d81b154ac48bbbe1a99109041ab

Score

10^/10

remcos limacrypter-3 rat

Malware Config

Extracted

Family

remcos

Version

2.5.1 Pro

Botnet

LIMACRYPTER-3

C2

www.envisiensintl.com:5200

Attributes

audio_folder
MicRecords
audio_path
%AppData%
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
install_path
%AppData%
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos202
keylog_path
%AppData%
mouse_option
false
mutex
Lima202Remcos-SIR4O7
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
remcos
take_screenshot_option
false
take_screenshot_time
5
take_screenshot_title
wikipedia;solitaire;

Targets

- Target
  
  NEW_Purchasing_Order_00036501201321.exe
- Size
  
  384KB
- MD5
  
  a68fb0475aee23aa7e1154b5055bddc1
- SHA1
  
  c3e5e872e3579b8c53aee2dc2bf9b288d70a05db
- SHA256
  
  d455d29b53451b46b3c2cdb273e460d74b9d43f35d8fafeccc0590ed508269d1
- SHA512
  
  934efd84ceb8f619c7b399684ff3b6be2809b91b64fbec4fcf7cbf2df7ce93c7bf3001c339cdcb2325ff431b1d1384c99b94c281f55995144879f01a547ebe9f
Score

10^/10

remcos limacrypter-3 rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

remcoslimacrypter-3rat

behavioral2

remcoslimacrypter-3rat