remcos | 04c8c64580324331a7c2c86d8191c20abac992ffc8b81f5b432e6f6bb5974a2c | Triage

Sharing

General

Target

145f990406000a1e944fef609e608edd4f6a347d4038e880599bcc1fb6c709b7.zip
Size

920KB
Sample

240402-qtstqsbg45
MD5

aa9b02bc90e0ec6de8da3aaa173062b7
SHA1

b80ad25e97c86f2a94404f8dca733059abb8674c
SHA256

04c8c64580324331a7c2c86d8191c20abac992ffc8b81f5b432e6f6bb5974a2c
SHA512

17ba75999b9d4cd818d5db38943aef275381e1325c62dede44ed31e75a8e319d4956ab09a361526ac04d551ca2b583245dc9609b61ae8b71d554ca55a6009fec
SSDEEP

24576:2rUrHvAZK/CqAOpshV000Z2BcAcsVLd5GbP:oUrVXIP9BcYDU

Score

10^/10

remcos remotehost rat

Malware Config

Extracted

Family

remcos

Botnet

RemoteHost

C2

shgoini.com:30902

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-7XHN5V
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  Quotation.exe
- Size
  
  1.4MB
- MD5
  
  b637de26aa293e2d88beb31e09febd46
- SHA1
  
  a800c3b4defa12246ad3d6b9e70f1aa02e2d7623
- SHA256
  
  ca52caeb15fde0f171362e3e7771edecc44f2e582cccaa0fedbd6012669076d7
- SHA512
  
  c2b8febd7e296aa35b003b5637f911dd17df2303677126d5da97de2341a4aec2ac1b3b2b5bd2bbdf8288d71d1027b4489fd75eb638153754bb50a4820bb8e437
- SSDEEP
  
  24576:tqDEvCTbMWu7rQYlBQcBiT6rprG8a61SU+YLo06JKBqM02XjJxn:tTvC/MTQYxsWR7a6gU+OV6JKcM0uj
Score

10^/10

remcos remotehost rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Drops startup file
- Executes dropped EXE
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

remcosremotehostrat