Overview

overview

10

Static

static

3

g2m.dll

windows7-x64

1

g2m.dll

windows10-2004-x64

3

utility.exe

windows7-x64

1

utility.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file2.zip

  • Size

    617KB

  • Sample

    240416-z1y4rsec6v

  • MD5

    15a581d5bfa829a5918660c871c45d82

  • SHA1

    466803dab319f07ab791fb94544665e97116bf60

  • SHA256

    4ef76b942e041c20fd58858d73b4180688c828608d42604eabf41821981ce997

  • SHA512

    29a6f7a5bbae9457af7d0bffff5e4117907ee960a4a99d1d1a4d22ded70b12913a35911a7fa8383aa9e91e77854d9ea35735d3e34d9e68b5aa60279e748a3ee1

  • SSDEEP

    12288:iNZgYft7Mz2HdVVZ6lZm+/g8fgpHM0EjGTG/Vid3KI9FsAxEJfLWx6X+UFF45Q:egYmz29rZCZm58fgq0EjR983KyFdOfLf

Score
10/10
remcosremotehostrat

Malware Config

Extracted

Family

remcos

Version

4.9.4 Pro

Botnet

RemoteHost

C2

104.243.38.89:5005

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    Rmc-OVUT8V

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Targets

    • Target

      g2m.dll

    • Size

      394KB

    • MD5

      bfdc1d6b753467fb5f1be175beca514e

    • SHA1

      36bb052c5c55a655b670bd728e8915fb8a0f2b1f

    • SHA256

      459557df57eb1e1925fc3130effe1a841867eb5cd450f8cb447fc00e3113d4d2

    • SHA512

      db58afe532944a66c76a10f3cbaf29ab4403e71b78c149ef6063fbc3b023dfbe8c66cdfd3fb3aaacc090b34b38d87c7cbb4d57bf5460709d77161b0f1a1400b7

    • SSDEEP

      6144:c/tGvR6jAvLYCfNdrVD49mkqjLeM4ZWhdR/WQy5tjQuUqcLpH0:cMpvDNA9mkqJzhdR/dUOLpH0

    Score
    3/10
    behavioral1behavioral2

    • Target

      utility.exe

    • Size

      39KB

    • MD5

      f1b14f71252de9ac763dbfbfbfc8c2dc

    • SHA1

      dcc2dcb26c1649887f1d5ae557a000b5fe34bb98

    • SHA256

      796ea1d27ed5825e300c3c9505a87b2445886623235f3e41258de90ba1604cd5

    • SHA512

      636a32fb8a88a542783aa57fe047b6bca47b2bd23b41b3902671c4e9036c6dbb97576be27fd2395a988653e6b63714277873e077519b4a06cdc5f63d3c4224e0

    • SSDEEP

      768:YRQnUhG5bZDOTpkdD82YbQkRFokFWIILPUh:FWObZDOTpk5T6zqAh

    Score
    10/10
    remcosremotehostrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos
    behavioral3behavioral4

MITRE ATT&CK Matrix

Tasks