remcos | c1f9bd91fa3c08e550b2069ec8e1193404f7cccffbf9db85e6f2ef4e87625eb2 | Triage

Sharing

General

Target

46003a917927235059d68042c451a6ca.bin
Size

490KB
Sample

230615-bpezraec38
MD5

ba47d5be1aaf9526e280bc15cd864b95
SHA1

ea84b9535cfc243d34fc49ab8d12317e43e792fd
SHA256

c1f9bd91fa3c08e550b2069ec8e1193404f7cccffbf9db85e6f2ef4e87625eb2
SHA512

a497b00de345d6cc9265c522af96ff0f02d851528537bd89464a3fc3a2b2a70ebf11194746ee88dfbc192c45909b82454e1bfde38184508da324e869cd792ef7
SSDEEP

12288:0n/MD8OBpICnRMoQIArbBkDzGZceFowvv7Axo4DVZRFc8UigjU:0ns8OLNiBZ9Zc8owvvMxJDV1c8UNjU

Score

10^/10

remcos remotehost rat

Malware Config

Extracted

Family

remcos

Version

4.6.0 Light

Botnet

RemoteHost

C2

192.168.175.1:1800

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-04OZR4
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
Remcos
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  4d20cc81fe3369624b78b05419fea8efdf9f147fa13ff541561ae4298b3c5ad8.exe
- Size
  
  540KB
- MD5
  
  46003a917927235059d68042c451a6ca
- SHA1
  
  741885a42d4517939c3a7e003727b12d457f0624
- SHA256
  
  4d20cc81fe3369624b78b05419fea8efdf9f147fa13ff541561ae4298b3c5ad8
- SHA512
  
  046014f7bffa551353e6f445d0b83c1821c6e13730ffb715e6bc90f7f374e012f510f18e6b8b735ddebfd51497d577293b962c4f9b47be7467e4c77c9365a842
- SSDEEP
  
  12288:WioEcxmEeHrkc/hopGjiZdJiCb8jSjSbgDW/zmquIuG:WREBEeHrkcWpamECo+jLDW/Kni
Score

10^/10

remcos remotehost rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

remcosremotehostrat

behavioral2

remcosremotehostrat