remcos | 91f81f3d3088bfc25707998c18c1bd4e5c0f8cabf8cc499e1d16ef140f02468d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Overdue Invoice.exe
Size

871KB
Sample

231107-d7cy8aah5y
MD5

22a11804e844c2851a18c4e017d152e9
SHA1

7ed09a8b7f3b2260c4829487084d170be22448e1
SHA256

91f81f3d3088bfc25707998c18c1bd4e5c0f8cabf8cc499e1d16ef140f02468d
SHA512

6c4c418f7e8538f6c6fb3dd493b544150b2e7c3921f92b65b4c0ce543b21446f6dc12b81a909c3ab600a35aae82bac5d0872d6d4b0d72ee1136d5df7f2af3bfe
SSDEEP

24576:Io8hs62zPmIpC6R/GZip2VkV66w++Z9XBUzIo:b8hdUu6tqYQkV66wPXgb

Score

10^/10

remcos ifeoma rat

Malware Config

Extracted

Family

remcos

Botnet

IFEOMA

C2

194.147.140.145:1997

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-D3AL88
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  Overdue Invoice.exe
- Size
  
  871KB
- MD5
  
  22a11804e844c2851a18c4e017d152e9
- SHA1
  
  7ed09a8b7f3b2260c4829487084d170be22448e1
- SHA256
  
  91f81f3d3088bfc25707998c18c1bd4e5c0f8cabf8cc499e1d16ef140f02468d
- SHA512
  
  6c4c418f7e8538f6c6fb3dd493b544150b2e7c3921f92b65b4c0ce543b21446f6dc12b81a909c3ab600a35aae82bac5d0872d6d4b0d72ee1136d5df7f2af3bfe
- SSDEEP
  
  24576:Io8hs62zPmIpC6R/GZip2VkV66w++Z9XBUzIo:b8hdUu6tqYQkV66wPXgb
Score

10^/10

remcos ifeoma rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

remcosifeomarat

behavioral2

remcosifeomarat