remcos | 75e57d3f76491b9bc7fe155b20ea8f9498892bd54a34824fca50bf0ae4a1902e | Triage

Sharing

General

Target

75e57d3f76491b9bc7fe155b20ea8f9498892bd54a34824fca50bf0ae4a1902e_JC.exe
Size

909KB
Sample

230805-rl356sdc29
MD5

4853aa5ad98757a756f1acfe1bed460d
SHA1

816027f9fbce3d22624db698ede23a2d4cc25023
SHA256

75e57d3f76491b9bc7fe155b20ea8f9498892bd54a34824fca50bf0ae4a1902e
SHA512

756dc810b13bf18bad2495b78afbfd0fee281de55eadc5a24b2ebd4ece60bffba01420f3edcc42994500d5978a277e832fb8627c058a2a7cac52bfcb25065097
SSDEEP

24576:F+1IOE/QNWkphcu3WGMPBGqHsOGCP9xMS5RkP5:F+1XrhcuW3GqBGCP9x/5RK5

Score

10^/10

remcos thcinc rat

Malware Config

Extracted

Family

remcos

Botnet

Thcinc

C2

b6079658.sytes.net:6110

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
thcinc.exe
copy_folder
Thcinc
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
thcinc
mouse_option
false
mutex
Rmc-X26LV5
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  75e57d3f76491b9bc7fe155b20ea8f9498892bd54a34824fca50bf0ae4a1902e_JC.exe
- Size
  
  909KB
- MD5
  
  4853aa5ad98757a756f1acfe1bed460d
- SHA1
  
  816027f9fbce3d22624db698ede23a2d4cc25023
- SHA256
  
  75e57d3f76491b9bc7fe155b20ea8f9498892bd54a34824fca50bf0ae4a1902e
- SHA512
  
  756dc810b13bf18bad2495b78afbfd0fee281de55eadc5a24b2ebd4ece60bffba01420f3edcc42994500d5978a277e832fb8627c058a2a7cac52bfcb25065097
- SSDEEP
  
  24576:F+1IOE/QNWkphcu3WGMPBGqHsOGCP9xMS5RkP5:F+1XrhcuW3GqBGCP9x/5RK5
Score

10^/10

remcos thcinc rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

remcosthcincrat

behavioral2

remcosthcincrat