remcos | fc0e7c3770a7c1452c62d071a8a59c81638c403f4841a7422d3b6e50934d29ee | Triage

Sharing

General

Target

tmp
Size

1.3MB
Sample

230327-mfdwwach93
MD5

ea0ed22b74d388edcd12502bbd551765
SHA1

b2feee85b1c25c2b1323f19041f39a6aecb1da52
SHA256

fc0e7c3770a7c1452c62d071a8a59c81638c403f4841a7422d3b6e50934d29ee
SHA512

082c84902046488c0dfee9e8d0d5da7e4c4be63bc53c6500b2f6c69e63548dedff63a8c8b2f03f388892c3ba2c2d24da1e156fa166b0370aaf77c147d87b7148
SSDEEP

24576:evZvdf5lrRtHeaSQMuaGhqBnARdrqU+z9gUG7RO:MllUGqBARd+U+iNR

Score

10^/10

remcos remotehost rat

Malware Config

Extracted

Family

remcos

Botnet

RemoteHost

C2

vcv.mastercoa.co:8489

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-4IE8MY
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
Remcos
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  tmp
- Size
  
  1.3MB
- MD5
  
  ea0ed22b74d388edcd12502bbd551765
- SHA1
  
  b2feee85b1c25c2b1323f19041f39a6aecb1da52
- SHA256
  
  fc0e7c3770a7c1452c62d071a8a59c81638c403f4841a7422d3b6e50934d29ee
- SHA512
  
  082c84902046488c0dfee9e8d0d5da7e4c4be63bc53c6500b2f6c69e63548dedff63a8c8b2f03f388892c3ba2c2d24da1e156fa166b0370aaf77c147d87b7148
- SSDEEP
  
  24576:evZvdf5lrRtHeaSQMuaGhqBnARdrqU+z9gUG7RO:MllUGqBARd+U+iNR
Score

10^/10

remcos remotehost rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

remcosremotehostrat

behavioral2

remcosremotehostrat