remcos | 1f0a225b3b04a26d777a315cb1cacde6d5b0d7fc9e182a96ef035b41adada2de | Triage

Sharing

General

Target

GH0987654560087.bat.exe
Size

1.3MB
Sample

231205-t9l8nsch99
MD5

f0b143f0d8012b2acb59e94544ee8a95
SHA1

215cd6adf283a17bf4c717e27842bc1e9bfb2058
SHA256

1f0a225b3b04a26d777a315cb1cacde6d5b0d7fc9e182a96ef035b41adada2de
SHA512

64b5dd4b4f14c090a06cbfa3dc69028efdc9c2c973afe7b3449eb4211611d8f373124eef14553548dd0cfc18b057d9518000ea6a8082fe1987c05b89f9a9dfa1
SSDEEP

24576:HYc6g/pOKKeFZYokY8+VnPZhNsqWOgjcjqQvWV:HrZYokYNnFsfxjcjqbV

Score

10^/10

remcos remotehost rat

Malware Config

Extracted

Family

remcos

Botnet

RemoteHost

C2

107.175.229.139:8087

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-IZFV1M
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  GH0987654560087.bat.exe
- Size
  
  1.3MB
- MD5
  
  f0b143f0d8012b2acb59e94544ee8a95
- SHA1
  
  215cd6adf283a17bf4c717e27842bc1e9bfb2058
- SHA256
  
  1f0a225b3b04a26d777a315cb1cacde6d5b0d7fc9e182a96ef035b41adada2de
- SHA512
  
  64b5dd4b4f14c090a06cbfa3dc69028efdc9c2c973afe7b3449eb4211611d8f373124eef14553548dd0cfc18b057d9518000ea6a8082fe1987c05b89f9a9dfa1
- SSDEEP
  
  24576:HYc6g/pOKKeFZYokY8+VnPZhNsqWOgjcjqQvWV:HrZYokYNnFsfxjcjqbV
Score

10^/10

remcos remotehost rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

remcosremotehostrat

behavioral2