remcos | a7366f4c99bb81a39cdf9f0523079fcf17f89a04371974ef8b0add94acc6ac6c | Triage

Sharing

General

Target

a7366f4c99bb81a39cdf9f0523079fcf17f89a04371974ef8b0add94acc6ac6c
Size

238KB
Sample

220521-n5185seff4
MD5

0c6ef5f37f2066ca41ba324b4904d1fe
SHA1

5fb9f005cb1382919c7f376bb1d60de78ff6ca6d
SHA256

a7366f4c99bb81a39cdf9f0523079fcf17f89a04371974ef8b0add94acc6ac6c
SHA512

9ebe04fb6ba59923a1791eeffa389fac73f806fd1302353022315c660e0b1674600bd5b608dabe627536020c103d6656e1f54c324241f3c883fd754795390e27

Score

10^/10

remcos limecrypter-2 rat

Malware Config

Extracted

Family

remcos

Version

2.5.1 Pro

Botnet

LIMECRYPTER-2

C2

www.valjan.in:5200

Attributes

audio_folder
MicRecords
audio_path
%AppData%
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
install_path
%AppData%
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
valjan
keylog_path
%AppData%
mouse_option
false
mutex
valjan-T1D3NL
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
remcos
take_screenshot_option
false
take_screenshot_time
5
take_screenshot_title
wikipedia;solitaire;

Targets

- Target
  
  SHIPPING_DOCUMENTS_0001202931.exe
- Size
  
  291KB
- MD5
  
  94b2988b5446a35c848ec952129efdfb
- SHA1
  
  b880819d8f88c0382ddfb4073b927f0e0ec2bf97
- SHA256
  
  97950fbe40dd26ac4eabd641e8bae0fc8f23ce04e3c4cf06ad5e451389b80556
- SHA512
  
  36f8616ddc85b54b3d68ca1fda746433062aac9e8f92545539c445c862faf92b34073b51b2d18cc65b8c3fe6153b999d1b8853d847e76c85a8abc8c5f5edbb25
Score

10^/10

remcos limecrypter-2 rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

remcoslimecrypter-2rat

behavioral2

remcoslimecrypter-2rat