remcos | a60e1197ebcb2a8e1a986ca1136ece71f29252f929841dc0896a7531ed97a1c7 | Triage

Sharing

General

Target

payload
Size

1.4MB
Sample

240313-xh3m5aeg89
MD5

2480d543309b678b0a93da2ed7aba357
SHA1

3f1585a394f7d45bb6e9b3904dae277d821b6bf4
SHA256

a60e1197ebcb2a8e1a986ca1136ece71f29252f929841dc0896a7531ed97a1c7
SHA512

e92017550090b10e8730fe8e742ec1648c3c4acda5fc2cacbc4382cfeb215b8ff79eb33d64dd4fb8c778f8101de7660c4e079632abc96a869170a06b05ecbefb
SSDEEP

24576:XyXCzxw5E88s6Hhvs70FmfRqC4XUSE6poNCgA9xb8w0GJ0WcQuhnjE2500+UkFyr:XyX288s6BvsQogC4dRoNqxb8fLhnjL5l

Score

10^/10

remcos bbbbb rat

Malware Config

Extracted

Family

remcos

Botnet

BBBBB

C2

ferfnekfkjerfjre.con-ip.com:1995

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-B468MF
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  NOTIFIQUESE DE CONSIGNACIÓN INTERBANCARIO CUS860007368.exe
- Size
  
  1023.9MB
- MD5
  
  5d4432554faa63538ab4362aa67c501d
- SHA1
  
  bbb415010f500bca1ad3fc43443b6d66e98a8e9b
- SHA256
  
  c91265f4bd15473473917248476f78481af72156df9a4043cb47849ca3d814e7
- SHA512
  
  51f271ecb509e239420e8f9b9b8d123ed8402f35de9fcb20106ea8452d3c663903d7d6508c95a3cad9040aeaebb6b8cdfaaa2a559a9e0c5c81ed7de447bab649
- SSDEEP
  
  24576:JXQbwrXE1tVP6XQDV9XnfJi7ma5Ff/Lglfedx:Wwr0tCQnJi7ma5FLglf
Score

10^/10

remcos bbbbb rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2