remcos | 5f41a3813e433c05444cc3f8b3f41e4284b3b27af7c476704bcebe170098780f | Triage

Resubmissions

02-04-2024 16:25

240402-txb7yafd52 10

02-04-2024 16:16

240402-tqrztafa6x 5

Sharing

General

Target

Quotation.zip
Size

1012KB
Sample

240402-txb7yafd52
MD5

780e2bf8806f5673c736718c4385360f
SHA1

9834a14e02f6d7eed79d99b14718c61aa15766b6
SHA256

5f41a3813e433c05444cc3f8b3f41e4284b3b27af7c476704bcebe170098780f
SHA512

f66b9baa3199a6c34bab35c21d347d387e1ddefe29bc556cd05cab0c9d0afdb1626c4bd009a31e97ad3ee7a0fa99b974732818345a71d7dc523ddde7e2f8dd11
SSDEEP

12288:RRt9S9IaivA6ytWOLXKn3tnyFWL2eKCO9ORyGhsu5gD1qxTxlJTkeO6SC28tqrsN:LS93ivANhLXytnyF1/GcE5kba2YQIp3P

Score

10^/10

remcos remotehost rat

Malware Config

Extracted

Family

remcos

Botnet

RemoteHost

C2

shgoini.com:30902

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-7XHN5V
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  Quotation.exe
- Size
  
  1.4MB
- MD5
  
  b637de26aa293e2d88beb31e09febd46
- SHA1
  
  a800c3b4defa12246ad3d6b9e70f1aa02e2d7623
- SHA256
  
  ca52caeb15fde0f171362e3e7771edecc44f2e582cccaa0fedbd6012669076d7
- SHA512
  
  c2b8febd7e296aa35b003b5637f911dd17df2303677126d5da97de2341a4aec2ac1b3b2b5bd2bbdf8288d71d1027b4489fd75eb638153754bb50a4820bb8e437
- SSDEEP
  
  24576:tqDEvCTbMWu7rQYlBQcBiT6rprG8a61SU+YLo06JKBqM02XjJxn:tTvC/MTQYxsWR7a6gU+OV6JKcM0uj
Score

10^/10

remcos remotehost rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

remcosremotehostrat

behavioral2