General
- Target: lucerne as at 28 Nov 2022.exe
- Size: 579KB
- Sample: 221203-r9v5gaea9t
- MD5: 796280ec19f4cabce99bbb14b4a43f28
- SHA1: 537bedfbb6f6f2b544bc4892437f4a6050d932a9
- SHA256: eeb4e124303b10a370d6c20f70c17303dfe1cd6de4b255d85061804ad6902db0
- SHA512: 6afca105404a50684a9a4b37646b2bbd17339120849aad6f9c8ef8e2abc4d28ba6ad144195b3db1e676c3d7a3335751b134ed58397d62991895b04a9f6498eb8
- SSDEEP: 12288:VmwtkzfN9A6V20TKzB32n/3Ki0mGXq7mclWKpNCi/g:ltkzf3A6VR6O/OrXqicvN
Static task: static1
Behavioral task: behavioral1
- Sample: lucerne as at 28 Nov 2022.exe
- Resource: win7-20220901-en
Malware Config (Extracted)
- Family: remcos
- Botnet: awa
- C2: gdyhjjdhbvxgsfe.gotdns.ch:2718
- Attributes:
    audio_folder MicRecords
    audio_record_time 5
    connect_delay 0
    connect_interval 1
    copy_file remcos.exe
    copy_folder Remcos
    delete_file false
    hide_file false
    hide_keylog_file false
    install_flag false
    keylog_crypt false
    keylog_file logs.dat
    keylog_flag false
    keylog_folder remcos
    mouse_option false
    mutex Rmc-J6C5A7
    screenshot_crypt false
    screenshot_flag false
    screenshot_folder Screenshots
    screenshot_path %AppData%
    screenshot_time 10
    startup_value Remcos
    take_screenshot_option false
    take_screenshot_time 5
Targets
- Target: lucerne as at 28 Nov 2022.exe
- Size: 579KB
- MD5: 796280ec19f4cabce99bbb14b4a43f28
- SHA1: 537bedfbb6f6f2b544bc4892437f4a6050d932a9
- SHA256: eeb4e124303b10a370d6c20f70c17303dfe1cd6de4b255d85061804ad6902db0
- SHA512: 6afca105404a50684a9a4b37646b2bbd17339120849aad6f9c8ef8e2abc4d28ba6ad144195b3db1e676c3d7a3335751b134ed58397d62991895b04a9f6498eb8
- SSDEEP: 12288:VmwtkzfN9A6V20TKzB32n/3Ki0mGXq7mclWKpNCi/g:ltkzf3A6VR6O/OrXqicvN
Signatures
- Drops startup file
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix
Tactics: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation