remcos | a63a455053dc647a6ed1d8ecf2d07cadd4d21ec80f9ded05367cfd1bf45ea5f7 | Triage

Submit
Reports

Overview

overview

Static

static

3

dbbaa8a3f3...76.exe

windows7-x64

dbbaa8a3f3...76.exe

windows10-2004-x64

Sharing

General

Target

a63a455053dc647a6ed1d8ecf2d07cadd4d21ec80f9ded05367cfd1bf45ea5f7
Size

850KB
Sample

240417-qq8qsaba9t
MD5

2eb70edfc68ccf80df38406111758529
SHA1

768e39a6bdf6d6e43b1e30bf13ed6f929cbe879a
SHA256

a63a455053dc647a6ed1d8ecf2d07cadd4d21ec80f9ded05367cfd1bf45ea5f7
SHA512

a0378f6f8332900faab5f7d4aaa5ccb7cf742fc6df4eed4b7d0fdffd8d6ff2488e55d67e2a807ae4e68190dbcabc56606be937be65d675b4b1371e9064eb809d
SSDEEP

24576:1wOt9J2GIdNRbXJRTHdYsB5Z9NtEhXJbBRL48tXP:+O2HdnjbR9DdEVJtpz/

Score

10^/10

remcos new logs collection rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

dbbaa8a3f350fc9ee75bc0d81c0ae4be1f0e53e62765900fac80f9f7ec541176.exe

Resource

win7-20240221-en

remcos new logs collection rat

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

dbbaa8a3f350fc9ee75bc0d81c0ae4be1f0e53e62765900fac80f9f7ec541176.exe

Resource

win10v2004-20240226-en

remcos new logs collection rat

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

remcos

Botnet

NEW LOGS

C2

107.150.18.202:2404

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-OZ63RB
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  dbbaa8a3f350fc9ee75bc0d81c0ae4be1f0e53e62765900fac80f9f7ec541176.exe
- Size
  
  861KB
- MD5
  
  e7051ed29a0503d3cb5551de6dee0326
- SHA1
  
  a6f7ef215c2ceabfe67b98d3a463f296f4d1e6e4
- SHA256
  
  dbbaa8a3f350fc9ee75bc0d81c0ae4be1f0e53e62765900fac80f9f7ec541176
- SHA512
  
  483a265b190774af141e81a8a550ac852594a4a2b11a51242d06efe6ebc6393f14a0ae23c9a119f64c7acc4984bf3386bf5bbc3455c0544e4533e3a873aa46dc
- SSDEEP
  
  24576:RqPj0C+UdQ0+asWpOckHte7zMiHdElFqG165oeBhE:YPXLAgOVte7zMpC5TE
Score

10^/10

remcos new logs collection rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

remcosnew logscollectionrat

behavioral2

remcosnew logscollectionrat

© 2018-2024

Terms | Privacy