remcos | d187cd925739faaf36ec184a13d707b638fa50f8ce4d76869fdb5b715eca5192 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Potwierdzenie_JC.iso
Size

66KB
Sample

230901-tqx6tsgc22
MD5

e0e59db623cddccb1e6422e850dd0221
SHA1

812ef6fc7fc47ed9a50641811634484e3ef85048
SHA256

d187cd925739faaf36ec184a13d707b638fa50f8ce4d76869fdb5b715eca5192
SHA512

f24e3adf9c962047a73c468d27fd07a315330cb1c2599bda018f474a086b8fb33a678c1a1d23959efb3acdc18aebb78beecab25148c22c839c9a5ba794795fb8
SSDEEP

96:5s38HpGs9ycajcgfud1KPU4SQ8gN8KpDHEAx6zNt:G38HpGs9wcgfy1J4ZfvpD18

Score

10^/10

remcos working rat

Malware Config

Extracted

Family

remcos

Botnet

working

C2

37.139.129.251:2404

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-O79KJZ
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  Potwierdzenie_wplaty.exe
- Size
  
  6KB
- MD5
  
  26b37737d30e4accf3274620d7dab75f
- SHA1
  
  fe1ae18028f145c9e2ef43eb9f7a611bc581f8f0
- SHA256
  
  e029bc85866faf62332458961316cf1561c335b06076936f9e1ae87cbc0a868e
- SHA512
  
  723b20c43fced9ca67538fdb39d3c5e3cf9a7334f25770b049a73f3472ea2423110af3818c4c70c50c914b09ec7c167b689e79e38a602acc3fc73a70d9bd470c
- SSDEEP
  
  96:Ws9ycajcgfud1KPU4SQ8gN8KpDHEAx6zNt:Ws9wcgfy1J4ZfvpD18
Score

10^/10

remcos working rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

remcosworkingrat