General

  • Target: Remittance Copy_pdf.iso
  • Size: 766KB
  • Sample: 220809-bwp4asahel
  • MD5: 4565304f2d4bd60d3332f7c67530ba41
  • SHA1: 353dc76bdb2cdcda53befce8f549f16113b0543e
  • SHA256: 458dbbb070a84bdccdd187fd98d6569a736305ad489a2c2f144f2938b709100e
  • SHA512: 6c261fc3b9609b81c4a57b46225decdf48a673608fa4ca16f31c57d808fc8408fd4a39dfd85c50cbbf2dfb252cf2bdf2e5fa9aec6bfc4041009109d7293d5388

Score
10/10

Malware Config

Extracted

  • Family: remcos
  • Version: 3.1.5 Pro
  • Botnet: NEWS
  • C2: catomaaaaa.freedynamicdns.org:6603

Attributes
  • audio_folder: MicRecords
  • audio_path: %AppData%
  • audio_record_time: 5
  • connect_delay: 0
  • connect_interval: 1
  • copy_file: remcos.exe
  • copy_folder: Remcos
  • delete_file: false
  • hide_file: false
  • hide_keylog_file: false
  • install_flag: false
  • install_path: %AppData%
  • keylog_crypt: false
  • keylog_file: logs.dat
  • keylog_flag: false
  • keylog_folder: remcos
  • keylog_path: %AppData%
  • mouse_option: false
  • mutex: Remcos-670V4G
  • screenshot_crypt: false
  • screenshot_flag: false
  • screenshot_folder: Screenshots
  • screenshot_path: %AppData%
  • screenshot_time: 10
  • startup_value: Remcos
  • take_screenshot_option: false
  • take_screenshot_time: 5
  • take_screenshot_title: notepad;solitaire;

Targets

    • Target: Remittance Copy_pdf.exe
    • Size: 712KB
    • MD5: c7df9d8848c6c6dea9e0292ebdaad137
    • SHA1: c4442176ea93ddb86d1fba5753ba55225ee2c796
    • SHA256: 1133c1d7d534c7b57c50869c73c5ac1c5bf2f9b2cf4fabadb7a0d3b4cac52754
    • SHA512: 5a4efb04841a0955e4c1c36b00a028e72b8f18c51cbf98738ac8d27164f76492cb9e4e4b72882b4eba879f63d368dd5df5051c24125dd109cf2bbe97342062ee

    Score
    10/10

    Signatures
    • Remcos

      Remcos is a closed-source remote control and surveillance software.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Execution: Scheduled Task (T1053), 1
  • Persistence: Scheduled Task (T1053), 1
  • Privilege Escalation: Scheduled Task (T1053), 1
  • Discovery: Query Registry (T1012), 1
  • Discovery: System Information Discovery (T1082), 1

Tasks