remcos | 9ec972333e8ee5a045f432e0d9829a85b10361f717c57482c322d7077e237b3d | Triage

Submit
Reports

Overview

overview

Static

static

1

07399099.rtf

windows7-x64

07399099.rtf

windows10-2004-x64

1

Sharing

General

Target

07399099.doc
Size

13KB
Sample

230606-s6d78afa4z
MD5

814c549027ffa7b070b8dcbdf94c3124
SHA1

3bc00c380c958fb225da0224ad8a90df6af8d265
SHA256

9ec972333e8ee5a045f432e0d9829a85b10361f717c57482c322d7077e237b3d
SHA512

5a6fca5913c814862b0c40f16ebdedb44fe3b5839b0a631168015878c5cdfa761f6f1f76ec2afd193ea93224f94466ca8020c5cf8ef295a31afcf112d143386c
SSDEEP

384:NoO098d/Ejd0fyJXPTzkiQZ4/NpPFNkYsoY+qfdMV1l:tBd/ER0fytPTQi3//FPD/mWb

Score

10^/10

remcos success1 rat

Static task

static1

Behavioral task

behavioral1

Sample

07399099.rtf

Resource

win7-20230220-en

remcos success1 rat

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

07399099.rtf

Resource

win10v2004-20230220-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

remcos

Botnet

success1

C2

103.212.81.154:1940

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-M38C46
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  07399099.doc
- Size
  
  13KB
- MD5
  
  814c549027ffa7b070b8dcbdf94c3124
- SHA1
  
  3bc00c380c958fb225da0224ad8a90df6af8d265
- SHA256
  
  9ec972333e8ee5a045f432e0d9829a85b10361f717c57482c322d7077e237b3d
- SHA512
  
  5a6fca5913c814862b0c40f16ebdedb44fe3b5839b0a631168015878c5cdfa761f6f1f76ec2afd193ea93224f94466ca8020c5cf8ef295a31afcf112d143386c
- SSDEEP
  
  384:NoO098d/Ejd0fyJXPTzkiQZ4/NpPFNkYsoY+qfdMV1l:tBd/ER0fytPTQi3//FPD/mWb
Score

10^/10

remcos success1 rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

remcossuccess1rat

behavioral2

© 2018-2024

Terms | Privacy