remcos | aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9 | Triage

Submit
Reports

Overview

overview

Static

static

3

aa29ab3bea...d9.exe

windows7-x64

aa29ab3bea...d9.exe

windows10-2004-x64

Sharing

General

Target

aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe
Size

1000KB
Sample

240410-dcgnxscc62
MD5

4cb03ed07925c43468569974c41b9325
SHA1

523e9b075323ae50036bf19b7f2e9615f97100d4
SHA256

aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9
SHA512

547fde8610379ee2e7ebeca76a711b5adb6c696abb9deaace5e4ea225e40d37fa437bb563dbd9bc81a2053676d2fb2ae43e4270d695f5d9d0a7d8ebee23f9ba3
SSDEEP

24576:0o5K55ee/YuX1Gx7MH7V9mu/0ilqWe7LpjCSAv:V5qauX1s7Mh4u/0ilq7LXAv

Score

10^/10

remcos buddy rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe

Resource

win7-20240221-en

remcos buddy rat

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe

Resource

win10v2004-20240226-en

remcos buddy rat

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

remcos

Botnet

BUDDY

C2

192.210.201.57:52499

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-LMLI87
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9.exe
- Size
  
  1000KB
- MD5
  
  4cb03ed07925c43468569974c41b9325
- SHA1
  
  523e9b075323ae50036bf19b7f2e9615f97100d4
- SHA256
  
  aa29ab3beabcfd1b574182cbcb4d53330ed432fe371a39c38ef59a7b681361d9
- SHA512
  
  547fde8610379ee2e7ebeca76a711b5adb6c696abb9deaace5e4ea225e40d37fa437bb563dbd9bc81a2053676d2fb2ae43e4270d695f5d9d0a7d8ebee23f9ba3
- SSDEEP
  
  24576:0o5K55ee/YuX1Gx7MH7V9mu/0ilqWe7LpjCSAv:V5qauX1s7Mh4u/0ilq7LXAv
Score

10^/10

remcos buddy rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
- Detects executables packed with SmartAssembly
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy