remcos | 9bf55d8f3b892e6b8706ec526eaa51cc8a1a727b45759494e2e388979a5708b8 | Triage

Sharing

General

Target

HB23090003.EXE
Size

79KB
Sample

230901-prennafa42
MD5

05492ba0dd021b81e573bcaf60a78faa
SHA1

967ed28f6fe35de046b678bda593efd1fefb92e6
SHA256

9bf55d8f3b892e6b8706ec526eaa51cc8a1a727b45759494e2e388979a5708b8
SHA512

95ecc2018e53c4e25db94a1453638fc51567040d1b7aca8d736b9daf4c95ccf16c59a4cdca4988f906f445a614857814424258477297f8f649091154c6fd7395
SSDEEP

1536:oNqFIZsnSJ/y3VbGBv4jMZ5LGKqn3LvMM/vnwhxgY3H6K+i3:2sSJ/cCuwqTnwbgYX6Q

Score

10^/10

remcos working persistence rat

Malware Config

Extracted

Family

remcos

Botnet

working

C2

37.139.129.251:2404

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-O79KJZ
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  HB23090003.EXE
- Size
  
  79KB
- MD5
  
  05492ba0dd021b81e573bcaf60a78faa
- SHA1
  
  967ed28f6fe35de046b678bda593efd1fefb92e6
- SHA256
  
  9bf55d8f3b892e6b8706ec526eaa51cc8a1a727b45759494e2e388979a5708b8
- SHA512
  
  95ecc2018e53c4e25db94a1453638fc51567040d1b7aca8d736b9daf4c95ccf16c59a4cdca4988f906f445a614857814424258477297f8f649091154c6fd7395
- SSDEEP
  
  1536:oNqFIZsnSJ/y3VbGBv4jMZ5LGKqn3LvMM/vnwhxgY3H6K+i3:2sSJ/cCuwqTnwbgYX6Q
Score

10^/10

remcos working persistence rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

remcosworkingpersistencerat