remcos | 262f89154949a9f8d41b8fdb4de1013f897e60ab83225f8f35783bee6a1d6557 | Triage

Sharing

General

Target

262F89154949A9F8D41B8FDB4DE1013F897E60AB83225F8F35783BEE6A1D6557
Size

888KB
Sample

221123-r2fd2sab45
MD5

f8430b32c4c0f837a21c81768df478dd
SHA1

48254b36f8507f1233779d9095eab1abbff6eaa6
SHA256

262f89154949a9f8d41b8fdb4de1013f897e60ab83225f8f35783bee6a1d6557
SHA512

25627d07193ecba40553e7ff07d131efc73af7eecec260a76de0af26c5bdddc934490887795945aadf78385d81758acab841ab6569bb652494b1a9041143b951
SSDEEP

12288:jd8qzJYIdqw2RKxMd6AJWws9+xLhxEWzPRWA2y70:B8qNYIJ2QK6AkwsMHzPQA2x

Score

10^/10

remcos manup rat

Malware Config

Extracted

Family

remcos

Botnet

manup

C2

91.193.75.188:60005

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-Y6KFVO
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
Remcos
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  travel itinerary.exe
- Size
  
  380.0MB
- MD5
  
  184ae205be9e6fb8e0f1983b60a380e9
- SHA1
  
  468f1122eb96501c0378ed8f68e640e292aa066b
- SHA256
  
  43cd9c2e9581da86628691ce210a40d64bb35ee6d7d33f0315d56c6208017781
- SHA512
  
  7069ed4602d2d5dec8defa91bd5682f33e26b39452641ec3b594a00039551cc5b4e3cdb16821faa9e42aacd9b7941a333af3e87b9c8e90d4f15a0bee936a52e1
- SSDEEP
  
  12288:e5UGXhYEdgwIRIxudakJOws9IxdDdaWzHRkmM4:/GxYEfIqMakIwsYhzHCmM4
Score

10^/10

remcos manup rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2