remcos | 8b93c4c8800ac0367a43a2f4f8eaba4bbec1aa6bedae88d01579c7cc2b0cb30c | Triage

Submit
Reports

Overview

overview

Static

static

8

8b93c4c880...0c.exe

windows7_x64

8b93c4c880...0c.exe

windows10-2004_x64

Sharing

General

Target

8b93c4c8800ac0367a43a2f4f8eaba4bbec1aa6bedae88d01579c7cc2b0cb30c
Size

430KB
Sample

220708-kalcnahbdn
MD5

9583c920a159d8f19aedc7f6cc962617
SHA1

65fe6878f09d62e129b10e06c0c7fc13b0cab366
SHA256

8b93c4c8800ac0367a43a2f4f8eaba4bbec1aa6bedae88d01579c7cc2b0cb30c
SHA512

702148105b084a1d28d402932858f1694b49ab1c244ba5584028218ec900bb38872b6ecdb3e9d137fff55909f8f10d21f0c0bbb2db4fbb103c37b1fe8ec563a0

Score

10^/10

remcos 07marzo2019 rat upx

Static task

static1

Behavioral task

behavioral1

Sample

8b93c4c8800ac0367a43a2f4f8eaba4bbec1aa6bedae88d01579c7cc2b0cb30c.exe

Resource

win7-20220414-en

remcos 07marzo2019 rat upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

8b93c4c8800ac0367a43a2f4f8eaba4bbec1aa6bedae88d01579c7cc2b0cb30c.exe

Resource

win10v2004-20220414-en

remcos 07marzo2019 rat upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

remcos

Version

2.3.0 Pro

Botnet

07MARZO2019

C2

casillas.hicam.net:2404

casillasmx.chickenkiller.com:2404

casillas.libfoobar.so:2404

du4alr0ute.sendsmtp.com:2404

settings.wifizone.org:2404

wifi.con-ip.com:2404

rsaupdatr.jumpingcrab.com:2404

activate.office-on-the.net:2404

Attributes

audio_folder
audio
audio_path
%AppData%
audio_record_time
5
connect_delay
0
connect_interval
5
copy_file
remcos.exe
copy_folder
REM20
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
install_path
%AppData%
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
QHJEKFERG
keylog_path
%AppData%
mouse_option
false
mutex
07MARZO2019-EKOOFA
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
1
startup_value
remcos
take_screenshot_option
false
take_screenshot_time
5
take_screenshot_title

Targets

- Target
  
  8b93c4c8800ac0367a43a2f4f8eaba4bbec1aa6bedae88d01579c7cc2b0cb30c
- Size
  
  430KB
- MD5
  
  9583c920a159d8f19aedc7f6cc962617
- SHA1
  
  65fe6878f09d62e129b10e06c0c7fc13b0cab366
- SHA256
  
  8b93c4c8800ac0367a43a2f4f8eaba4bbec1aa6bedae88d01579c7cc2b0cb30c
- SHA512
  
  702148105b084a1d28d402932858f1694b49ab1c244ba5584028218ec900bb38872b6ecdb3e9d137fff55909f8f10d21f0c0bbb2db4fbb103c37b1fe8ec563a0
Score

10^/10

remcos 07marzo2019 rat upx
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

remcos07marzo2019ratupx

behavioral2

remcos07marzo2019ratupx

© 2018-2024

Terms | Privacy