General

  • Target

    574886754fee218e6e04abfd57608d45.exe

  • Size

    970KB

  • Sample

    221124-x53lmsea36

  • MD5

    574886754fee218e6e04abfd57608d45

  • SHA1

    2fb47d1f6b0fd08745707e0bffef4132f7dbc0b8

  • SHA256

    377992d8853161f9ea2d23e0bcebcc069e97ac9c0f498b8459a24ecc4c4c937f

  • SHA512

    097e5775acff67f6b4f1a18bcb0fd44a3b1eb0a6c7821757649281af7e3f15411f2110ed72a78742b1ebfbd1456f52dd0fa81158722e5f89a2333984a544a8ce

Score
10/10

Malware Config

Extracted

  • Family

    remcos

  • Botnet

    BALLER

  • C2

    91.192.100.48:1979

Attributes

  • audio_folder: MicRecords
  • audio_record_time: 5
  • connect_delay: 0
  • connect_interval: 1
  • copy_file: remcos.exe
  • copy_folder: Remcos
  • delete_file: false
  • hide_file: false
  • hide_keylog_file: false
  • install_flag: false
  • keylog_crypt: false
  • keylog_file: logs.dat
  • keylog_flag: false
  • keylog_folder: remcos
  • mouse_option: false
  • mutex: Rmc-2RPM8Z
  • screenshot_crypt: false
  • screenshot_flag: false
  • screenshot_folder: Screenshots
  • screenshot_path: %AppData%
  • screenshot_time: 10
  • startup_value: Remcos
  • take_screenshot_option: false
  • take_screenshot_time: 5

Targets

    • Target

      574886754fee218e6e04abfd57608d45.exe

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation