Overview

overview

10

Static

static

279a5520e7...60.exe

windows7-x64

10

279a5520e7...60.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    279a5520e7a1f0e9cd54f730f98bf529eb303651d556816ecec42e4144509d60.zip

  • Size

    419KB

  • Sample

    221114-lq5xnsge75

  • MD5

    0ab6c465567321577d3724a9fa1fe6d1

  • SHA1

    7c55c0a3618b2f06f85ba08f5010a0bb1b55b350

  • SHA256

    350e526cd6244181cc01ae49f9e1195f8c5e8133184e6f6510bce597a092f7a1

  • SHA512

    1242e0538c4e600ff58ee8edc714f47397a37d1f6e5906d362dc9f655fb6864f9b0e7b709796cd655eeb9aedafdca62b48d64a0bd3d620d970b1815c61b4a141

  • SSDEEP

    12288:gUdVD3msLOEwWow+K/M0mAXWUN8A6vrPyE/lVjzL:BLDMEwHw+uXWeRAuEvjzL

Score
10/10
remcosnew rem stubrat

Malware Config

Extracted

Family

remcos

Botnet

NEW REM STUB

C2

valvesco.duckdns.org:5050

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    Rmc-48V73L

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • startup_value

    Remcos

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Targets

    • Target

      279a5520e7a1f0e9cd54f730f98bf529eb303651d556816ecec42e4144509d60.exe

    • Size

      1.4MB

    • MD5

      ea2e3b149dd6de773ed15ad7d0333588

    • SHA1

      2d29d0e21f65e44e2c3d4b494732534fe08bd47d

    • SHA256

      279a5520e7a1f0e9cd54f730f98bf529eb303651d556816ecec42e4144509d60

    • SHA512

      af50f958bb4adba8549a3477e93470931e6a8ad0f502a92d8716e2b7c84baef38f8a5c3d47338e93fe0d3278bce315d5819926697c819f361cc212671029af73

    • SSDEEP

      6144:tVGj5lTE4UU/A0ci44pPambmNO79Q/qENFr9peTeNha9Z8cjHdF+WiTM:mBTNQdTM

    Score
    10/10
    remcosnew rem stubrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks