remcos | 5c6cfb4908c07c8b3677cabe6c3b96be940873b5814dd4cfe948c5bec76a0fc2 | Triage

Submit
Reports

Overview

overview

Static

static

1

5a20db58-6...97.eml

windows7-x64

5a20db58-6...97.eml

windows10-2004-x64

3

Resubmissions

22/02/2024, 14:29

240222-rtsz6sba5w 10

22/02/2024, 14:22

240222-rpzbdsbd39 10

Sharing

General

Target

5a20db58-694a-9617-c311-6ddcd5e6bd97.eml
Size

14KB
Sample

240222-rtsz6sba5w
MD5

81d78b2667fd7239c7bac435a08f7ec4
SHA1

b561287757732f9667b68b305f28248793c9b4b9
SHA256

5c6cfb4908c07c8b3677cabe6c3b96be940873b5814dd4cfe948c5bec76a0fc2
SHA512

1c0b79a0276f4d8d0145259bf3c1d4767d6b608383be8e3bbac2365f523601b9e28189b74a164efde53892114d6f8112d34a6ab1ef66c37db9db190774a53577
SSDEEP

384:Z0AHiCbpuPXyDkNaQe94rN5XTGLv4ZefeDos:Z0ACsGXJIQ4GTXTiv4ZefeDos

Score

10^/10

remcos bbbbb rat

Static task

static1

Behavioral task

behavioral1

Sample

5a20db58-694a-9617-c311-6ddcd5e6bd97.eml

Resource

win7-20240221-en

remcos bbbbb rat

windows7-x64

19 signatures

300 seconds

Behavioral task

behavioral2

Sample

5a20db58-694a-9617-c311-6ddcd5e6bd97.eml

Resource

win10v2004-20240221-en

windows10-2004-x64

4 signatures

300 seconds

Malware Config

Extracted

Family

remcos

Botnet

BBBBB

C2

ferfnekfkjerfjre.con-ip.com:1995

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-B468MF
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  5a20db58-694a-9617-c311-6ddcd5e6bd97.eml
- Size
  
  14KB
- MD5
  
  81d78b2667fd7239c7bac435a08f7ec4
- SHA1
  
  b561287757732f9667b68b305f28248793c9b4b9
- SHA256
  
  5c6cfb4908c07c8b3677cabe6c3b96be940873b5814dd4cfe948c5bec76a0fc2
- SHA512
  
  1c0b79a0276f4d8d0145259bf3c1d4767d6b608383be8e3bbac2365f523601b9e28189b74a164efde53892114d6f8112d34a6ab1ef66c37db9db190774a53577
- SSDEEP
  
  384:Z0AHiCbpuPXyDkNaQe94rN5XTGLv4ZefeDos:Z0ACsGXJIQ4GTXTiv4ZefeDos
Score

10^/10

remcos bbbbb rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy