remcos | 43c39e05ae59835e16df8bd732cd035292db70bc2c2d6d95ac354622bfa376ec | Triage

Sharing

General

Target

tmp
Size

987KB
Sample

230526-msjb5afe8v
MD5

03dc66eb73f94113115e145a35599724
SHA1

88fdf81626acf5a1b2b561002b5ea6425c7b23fe
SHA256

43c39e05ae59835e16df8bd732cd035292db70bc2c2d6d95ac354622bfa376ec
SHA512

0e505655394d3e0728c7dcaa3157f0b1293bc9255727acec3435d7a4db8dcf9a130c2240cb6028dd2ca90cd9646e3b05075c8f0ccd56412f373e4a923f5badbe
SSDEEP

12288:97z5GoJiGaq5auiuHeSV0TL4X10nL8BeBQe90wgYlS+al1JiWYyn54FVHmSI9/VQ:55GoR5aQT0aqF2euimJiWYI4E1OaWoW

Score

10^/10

remcos remotehost rat

Malware Config

Extracted

Family

remcos

Botnet

RemoteHost

C2

seanblacin.sytes.net:6110

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
chrcrh.exe
copy_folder
chrcrh
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
chrcrh
mouse_option
false
mutex
Rmc-FDI6XX
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
chrcrh
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  tmp
- Size
  
  987KB
- MD5
  
  03dc66eb73f94113115e145a35599724
- SHA1
  
  88fdf81626acf5a1b2b561002b5ea6425c7b23fe
- SHA256
  
  43c39e05ae59835e16df8bd732cd035292db70bc2c2d6d95ac354622bfa376ec
- SHA512
  
  0e505655394d3e0728c7dcaa3157f0b1293bc9255727acec3435d7a4db8dcf9a130c2240cb6028dd2ca90cd9646e3b05075c8f0ccd56412f373e4a923f5badbe
- SSDEEP
  
  12288:97z5GoJiGaq5auiuHeSV0TL4X10nL8BeBQe90wgYlS+al1JiWYyn54FVHmSI9/VQ:55GoR5aQT0aqF2euimJiWYI4E1OaWoW
Score

10^/10

remcos remotehost rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

remcosremotehostrat

behavioral2

remcosremotehostrat