remcos | 4964e7f096d6b3fb575040c01238d88aa01204abd4411c9515b500299b40b830 | Triage

Sharing

General

Target

4964e7f096d6b3fb575040c01238d88aa01204abd4411c9515b500299b40b830
Size

905KB
Sample

240417-q5cxnaca3z
MD5

46ae2f3ece45f1776e1f55552f925ed5
SHA1

b6820b2ced1c48909f846f697a10678ec9baf2c1
SHA256

4964e7f096d6b3fb575040c01238d88aa01204abd4411c9515b500299b40b830
SHA512

cb228fa7e979affc3ac33c8bb575a4915c9c7d93b72005a4dfd17958d9e7160c7d79eb744aedbeefb105bfaa87c62b25dc4b538ce4b8c6466e05d2be98762b05
SSDEEP

12288:Re4tvAVvpTg2g35N1SLKBpOWrUGWM51+xZDFAqSA907cwWiiYKensyNS5c+J/5ba:RjvAFy/Z3XrUVq2LDeowZN+Nxa

Score

10^/10

remcos john smith rat

Malware Config

Extracted

Family

remcos

Botnet

JOHN SMITH

C2

192.210.201.57:62289

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-GIZGNL
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  38d45a0e0f376be174d788c93424ef4724daad94ce4139beba1868a36d8ad47f.exe
- Size
  
  997KB
- MD5
  
  ccc056c533979eacb9089e27c5b24518
- SHA1
  
  d85d5e3540711d86bcd798f74b6fd68deb100a8e
- SHA256
  
  38d45a0e0f376be174d788c93424ef4724daad94ce4139beba1868a36d8ad47f
- SHA512
  
  e2c8181bbddf2f7e391d391e0e253beb0472950ef58e371a699b4b24f471c287f14146530bd45e79e0f6d78eada493c522e7e1c55eb207ef5c1735eca249cae2
- SSDEEP
  
  24576:9aj8qIR12+0LufeamU7DoLyo5yViQkZmSXwVtJ:RkLUnno5xQkQTV
Score

10^/10

remcos john smith rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

remcosjohn smithrat

behavioral2

remcosjohn smithrat