General

  • Target

    1b757184307094f4f4d1caefe3ee80d3.bin

  • Size

    1.0MB

  • Sample

    230328-bk1ewsaa6w

  • MD5

    03dd73ad8497748e5b094c2d4f863781

  • SHA1

    e71b8b48bfa17fa118571475237b05880f9b3801

  • SHA256

    e5dca5eabc6e7533819859eca8ed07eec01fad9cb5b5ea2e9eea547eaf3020f0

  • SHA512

    51ae9ded658aa8d08ae94065c70c073717ee32ae754cbc4162727d31b9cc04177baa9ab62b9dd5094f0d488f7c8217664fff698ed7da9352f9a39830d1d2a53a

  • SSDEEP

    24576:Ry+HHQ+pK8S3uXL3FKAO2gECfHm0ztyBVU4J:RySHQ+pK3+htO2NCfNtyBVR

Score
10/10

Malware Config

Extracted

  • Family

    remcos

  • Botnet

    RemoteHost

  • C2

    212.193.30.230:3348

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    Rmc-4LKZRP

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • startup_value

    Remcos

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Targets

    • Target

      36006e43513ee6ca1f60cf3a18b55d0cf42dcf095f166ab71314902d472a0453.bin

    • Size

      1.1MB

    • MD5

      1b757184307094f4f4d1caefe3ee80d3

    • SHA1

      fd19f622093c77c00879a3b2bce2171f1b5445bc

    • SHA256

      36006e43513ee6ca1f60cf3a18b55d0cf42dcf095f166ab71314902d472a0453

    • SHA512

      453b76346c793581633a6c1b3dbef18c37c5db8835a4c8760647c0350879738baa4cc769aeee01cad5c8e30f83fa48ccb370b3fab9b9aff06c96b9df668b0ff3

    • SSDEEP

      24576:MA5Ix0j/0Yw6gDYm+T1Nk/iEYaEr/pa7qvjSUJD:V5Q0gGg8XxNk/i8Ej42SUp

    Score
    10/10

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task (1): T1053

  • Persistence

    Scheduled Task (1): T1053

  • Privilege Escalation

    Scheduled Task (1): T1053

  • Discovery

    Query Registry (1): T1012

    System Information Discovery (2): T1082

Tasks