remcos | add8dea19a5377579ef947edfea661faea738c2b565ea031a1a85607b1e6bea1 | Triage

Sharing

General

Target

0b94975f5dde6feab979853991933616.bin
Size

867KB
Sample

230519-bc4scaed25
MD5

b7d22eb8d441674b462a11aa61e46339
SHA1

cdd6e50f0dd680b95d8e49269b03e7e6d7581b00
SHA256

add8dea19a5377579ef947edfea661faea738c2b565ea031a1a85607b1e6bea1
SHA512

091735ba772ebaf702cdb027a90ecc49f088a60446f3baac8b52e1aa271d891b7cea2fe73543b1fc77a5f9899004f59544aac48bc21d057db63c0260b4524fce
SSDEEP

24576:5dGmQQeB4jqZUswdEg3sKLqNmQ3xezn6mSffgcR3dvF:5dGmQQe6jrdRUlx0VTcR7

Score

10^/10

remcos remotehost rat

Malware Config

Extracted

Family

remcos

Botnet

RemoteHost

C2

seanblacin.sytes.net:6110

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
chrcrh.exe
copy_folder
chrcrh
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
chrcrh
mouse_option
false
mutex
Rmc-FDI6XX
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
chrcrh
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  a6bf09d8242fd2933426629a504f995a5d624d555bd2f28a49876762ec0a03a6.exe
- Size
  
  1.0MB
- MD5
  
  0b94975f5dde6feab979853991933616
- SHA1
  
  6b15f943d7ae7e265e455026a70b2116bc7a407d
- SHA256
  
  a6bf09d8242fd2933426629a504f995a5d624d555bd2f28a49876762ec0a03a6
- SHA512
  
  7e8a156ea625dbe2d15f76a70bd79b6a123526ee1d71450b8e16b3df069f9cf6c2d25e9ee7796d644891537ee243618ae39ede7f4e1c75a66618c9ab1e452a37
- SSDEEP
  
  24576:cWRK9jeP8CWr4cBKXh83adVzgXF37tBJp:cWQ9+8Br45Xe36VS37H
Score

10^/10

remcos remotehost rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

remcosremotehostrat