remcos | 043c2ea7473300aeef75d4347969ea2c54784e16892fb535b293b9dddb32b02d | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

043c2ea747...2d.exe

windows7-x64

043c2ea747...2d.exe

windows10-2004-x64

Sharing

General

Target

043c2ea7473300aeef75d4347969ea2c54784e16892fb535b293b9dddb32b02d.exe
Size

233KB
Sample

240320-cf29csea63
MD5

b0e371680c2c465a447d8cb4ad0ffa57
SHA1

b622b7dfb03b70219fe047abd365fe88a4316394
SHA256

043c2ea7473300aeef75d4347969ea2c54784e16892fb535b293b9dddb32b02d
SHA512

b6956d170613bfae4afb1754bf9a2bdcc8ebce5a4e4c2d8052921a929969bf67f8defa8ad6f396fedf45dfd65d70e19bbe2998f49b6f16bb3167b392fb231577
SSDEEP

6144:4mvl3n8iOiB4RBucKa3h80tK2gBWvADGGw6j1:tvlX8i8RB5JvADGGnj

Score

10^/10

remcos chuk rat upx

Static task

static1

5 signatures

Behavioral task

behavioral1

Sample

043c2ea7473300aeef75d4347969ea2c54784e16892fb535b293b9dddb32b02d.exe

Resource

win7-20240221-en

remcos chuk rat upx

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

043c2ea7473300aeef75d4347969ea2c54784e16892fb535b293b9dddb32b02d.exe

Resource

win10v2004-20240226-en

remcos chuk rat upx

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

remcos

Botnet

chuk

C2

mexbar.duckdns.org:3119

chukwuonye.duckdns.org:3241

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-S6EIWK
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  043c2ea7473300aeef75d4347969ea2c54784e16892fb535b293b9dddb32b02d.exe
- Size
  
  233KB
- MD5
  
  b0e371680c2c465a447d8cb4ad0ffa57
- SHA1
  
  b622b7dfb03b70219fe047abd365fe88a4316394
- SHA256
  
  043c2ea7473300aeef75d4347969ea2c54784e16892fb535b293b9dddb32b02d
- SHA512
  
  b6956d170613bfae4afb1754bf9a2bdcc8ebce5a4e4c2d8052921a929969bf67f8defa8ad6f396fedf45dfd65d70e19bbe2998f49b6f16bb3167b392fb231577
- SSDEEP
  
  6144:4mvl3n8iOiB4RBucKa3h80tK2gBWvADGGw6j1:tvlX8i8RB5JvADGGnj
Score

10^/10

remcos chuk rat upx
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
- UPX dump on OEP (original entry point)
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

remcoschukratupx

behavioral2

remcoschukratupx

© 2018-2025

Terms | Privacy