remcos | 77f56c0cc0f923dd763e4028d33bcb0d300e15c485602954b81d6a39ec1993ae | Triage

Sharing

General

Target

95205b407cd86cd1b2ddd85bfdaa67d9434c1757e9e8f9fc6b990eb78387f4ee.zip
Size

1007KB
Sample

230321-r4qmssde4y
MD5

c1ae877a4895053924e4ae74418bd96e
SHA1

752b97acd4373654b97ff18e2f705c8ad3e0b12e
SHA256

77f56c0cc0f923dd763e4028d33bcb0d300e15c485602954b81d6a39ec1993ae
SHA512

027a9f078493ae6ae560a0d0ae1167ff5fa6c8836870855168ff4b0311f2fecade134e90eba4401d259c04a4a9d58987db062b3116651cf15aca40295800a20f
SSDEEP

24576:kuce1JOhceCIp1TtnOC/dQWT8tfOYcGMaORvt:kupJDebdne48to5aORvt

Score

10^/10

remcos remotehost rat

Malware Config

Extracted

Family

remcos

Botnet

RemoteHost

C2

51.75.209.245:2406

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-52YOYG
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
Remcos
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  95205b407cd86cd1b2ddd85bfdaa67d9434c1757e9e8f9fc6b990eb78387f4ee.exe
- Size
  
  2.1MB
- MD5
  
  e03579a0e6f2881617a05ce524fe6176
- SHA1
  
  dd88c2948daf226985b6048deaa9ad577c7f2370
- SHA256
  
  95205b407cd86cd1b2ddd85bfdaa67d9434c1757e9e8f9fc6b990eb78387f4ee
- SHA512
  
  6cf5d6d4046ede733a3eb43f9815166ef9b105063019616c8a6dbb30a8ad74af6ee02af12e1174af982ca76ffe297172b0ce2306b3b22c79f85ef1542892c54d
- SSDEEP
  
  24576:ch3MhcNM1O05764Ym/GSdToQbE9roTuOFGydJ8MQ:chcPN6SZDwkA
Score

10^/10

remcos remotehost rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

remcosremotehostrat