remcos | 383f6ffeb727943af4e96cc93ab2615b14fd8b09c7e376aebc455ef82913f07f | Triage

Submit
Reports

Overview

overview

Static

static

FRT-2022-D...1).exe

windows7-x64

FRT-2022-D...1).exe

windows10-2004-x64

Sharing

General

Target

FRT-2022-DDSP00001-B(01).exe
Size

1023KB
Sample

220926-jwj62sbbdn
MD5

57f76540f090fe4e9e5141317a8136e1
SHA1

cc8c7a739fb0a26e6d0e55f5107fc76ea3345a10
SHA256

383f6ffeb727943af4e96cc93ab2615b14fd8b09c7e376aebc455ef82913f07f
SHA512

5a07fe45b8c58aa3148d4e0559992f596fa24d95b53fc2a9bc56130231b9c1af18cefb67181ce6f93281fdc87fe974110a3204ea7b030866c63f5436b90fc78b
SSDEEP

12288:x/yEifpu0utgokp/WWd/HRmwQkuL5v6YNHC/AAyRp3LBBTgqKmdUsF:ByEihvuFBWhswnuLXM/AAUpsq4sF

Score

10^/10

remcos new rem stub collection rat spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

FRT-2022-DDSP00001-B(01).exe

Resource

win7-20220812-en

remcos new rem stub collection rat spyware stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

FRT-2022-DDSP00001-B(01).exe

Resource

win10v2004-20220812-en

remcos new rem stub collection rat spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

remcos

Botnet

NEW REM STUB

C2

valvesco.duckdns.org:5050

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-48V73L
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
Remcos
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  FRT-2022-DDSP00001-B(01).exe
- Size
  
  1023KB
- MD5
  
  57f76540f090fe4e9e5141317a8136e1
- SHA1
  
  cc8c7a739fb0a26e6d0e55f5107fc76ea3345a10
- SHA256
  
  383f6ffeb727943af4e96cc93ab2615b14fd8b09c7e376aebc455ef82913f07f
- SHA512
  
  5a07fe45b8c58aa3148d4e0559992f596fa24d95b53fc2a9bc56130231b9c1af18cefb67181ce6f93281fdc87fe974110a3204ea7b030866c63f5436b90fc78b
- SSDEEP
  
  12288:x/yEifpu0utgokp/WWd/HRmwQkuL5v6YNHC/AAyRp3LBBTgqKmdUsF:ByEihvuFBWhswnuLXM/AAUpsq4sF
Score

10^/10

remcos new rem stub collection rat spyware stealer
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

remcosnew rem stubcollectionratspywarestealer

behavioral2

remcosnew rem stubcollectionratspywarestealer

© 2018-2024

Terms | Privacy