remcos | 8018a2c51c927e3135f7dbcf99802d69279b7d4a985358f9f986fa23880a1647 | Triage

Sharing

General

Target

974ad922355c1ebc37e49918712b1d48.zip
Size

1.6MB
Sample

240307-tv7aasfd92
MD5

72cfc77743a59ce04840f93363190f7e
SHA1

ab7be607eb0702a1df6416aeb7139a83a3370231
SHA256

8018a2c51c927e3135f7dbcf99802d69279b7d4a985358f9f986fa23880a1647
SHA512

5af695a5e1bf9ad466bc4121aae206e7605c31233d02519a8f0c98be4cea2af33047395a6bfdbbfc5b23b708f9dd822452cdd22e7d8ac9bafb787f3d307cddf6
SSDEEP

12288:5q6HyQRBx/6PGjtmdZVikOuVBvabCiz1WAbVbF2j5Psxp:5eciMaVikBOGiz1NbVbFfxp

Score

10^/10

remcos manizales rat

Malware Config

Extracted

Family

remcos

Botnet

MANIZALES

C2

sdfsdjhswdbjhd.con-ip.com:1990

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-IEME9T
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  974ad922355c1ebc37e49918712b1d48
- Size
  
  1024.0MB
- MD5
  
  2881d47ae8e83d9ab12dfdb5df3620e0
- SHA1
  
  9e8e110cf4af02aafe216cfb11b9b018f22a377f
- SHA256
  
  6790dc52884887bcd7191c7f4227ed4d4f5fdfb8e95a368f9ddab4262542abc4
- SHA512
  
  f470e0f9080f3b2ac8fcb8e4f220542656bda99dbcc48546063c9faec3004a87a4e019db1b278c85893f70fd27536c62a93d9d045eb67e9df77bec0eb482accf
- SSDEEP
  
  12288:nD3ySRBx/cdGjhmrDVigOuvZv+5cyHTWKbl9Foj95s8Ge0:DCy0uEVigB8ayHTLbl9FDlX
Score

10^/10

remcos manizales rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcosmanizalesrat

behavioral2

remcosmanizalesrat