remcos | d6c4e74a2a9ccdbe06290419c73185b032757f9d595b42029e8c245406a5731e | Triage

Submit
Reports

Overview

overview

Static

static

bTQu.exe

windows7-x64

bTQu.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

bTQu.exe
Size

233KB
Sample

240229-k3wdbsce94
MD5

e8f66cc84d8cf1bb42d8fb8b88b7e5d4
SHA1

2a241b028f4e3b2a9ac938315ee3db2f3267fbc3
SHA256

d6c4e74a2a9ccdbe06290419c73185b032757f9d595b42029e8c245406a5731e
SHA512

dd1a20c18f2c3b6372ffb37d3290d324b401f6ad897ffacb1c703b0b28f202f2afd6283117def76c5f96c075b5057c23efe7b50be7a16101a33895b81abe6188
SSDEEP

6144:5mvl3n8iOiB4RBucKa3h80tK2gBWvADGGw6j1:IvlX8i8RB5JvADGGnj

Score

10^/10

remcos remotehost rat upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

bTQu.exe

Resource

win7-20240221-en

remcos remotehost rat upx

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

bTQu.exe

Resource

win10v2004-20240226-en

remcos remotehost rat upx

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Extracted

Family

remcos

Botnet

RemoteHost

C2

payday27.duckdns.org:4546

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-MQ397Z
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  bTQu.exe
- Size
  
  233KB
- MD5
  
  e8f66cc84d8cf1bb42d8fb8b88b7e5d4
- SHA1
  
  2a241b028f4e3b2a9ac938315ee3db2f3267fbc3
- SHA256
  
  d6c4e74a2a9ccdbe06290419c73185b032757f9d595b42029e8c245406a5731e
- SHA512
  
  dd1a20c18f2c3b6372ffb37d3290d324b401f6ad897ffacb1c703b0b28f202f2afd6283117def76c5f96c075b5057c23efe7b50be7a16101a33895b81abe6188
- SSDEEP
  
  6144:5mvl3n8iOiB4RBucKa3h80tK2gBWvADGGw6j1:IvlX8i8RB5JvADGGnj
Score

10^/10

remcos remotehost rat upx
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

remcosremotehostratupx

behavioral2

remcosremotehostratupx

© 2018-2025

Terms | Privacy