remcos | 43cd9c2e9581da86628691ce210a40d64bb35ee6d7d33f0315d56c6208017781 | Triage

Sharing

General

Target

itinerary.exe
Size

380.0MB
Sample

221118-meyjwshb67
MD5

184ae205be9e6fb8e0f1983b60a380e9
SHA1

468f1122eb96501c0378ed8f68e640e292aa066b
SHA256

43cd9c2e9581da86628691ce210a40d64bb35ee6d7d33f0315d56c6208017781
SHA512

7069ed4602d2d5dec8defa91bd5682f33e26b39452641ec3b594a00039551cc5b4e3cdb16821faa9e42aacd9b7941a333af3e87b9c8e90d4f15a0bee936a52e1
SSDEEP

12288:e5UGXhYEdgwIRIxudakJOws9IxdDdaWzHRkmM4:/GxYEfIqMakIwsYhzHCmM4

Score

10^/10

remcos manup rat

Malware Config

Extracted

Family

remcos

Botnet

manup

C2

91.193.75.188:60005

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-Y6KFVO
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
Remcos
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  itinerary.exe
- Size
  
  380.0MB
- MD5
  
  184ae205be9e6fb8e0f1983b60a380e9
- SHA1
  
  468f1122eb96501c0378ed8f68e640e292aa066b
- SHA256
  
  43cd9c2e9581da86628691ce210a40d64bb35ee6d7d33f0315d56c6208017781
- SHA512
  
  7069ed4602d2d5dec8defa91bd5682f33e26b39452641ec3b594a00039551cc5b4e3cdb16821faa9e42aacd9b7941a333af3e87b9c8e90d4f15a0bee936a52e1
- SSDEEP
  
  12288:e5UGXhYEdgwIRIxudakJOws9IxdDdaWzHRkmM4:/GxYEfIqMakIwsYhzHCmM4
Score

10^/10

remcos manup rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2