remcos | 21d97b5ba446a51df12c2978fc16bec5f618cdb51b6017ec206e33a53fe9e2d5 | Triage

Sharing

General

Target

21d97b5ba446a51df12c2978fc16bec5f618cdb51b6017ec206e33a53fe9e2d5
Size

266KB
Sample

240417-rhjx5acg21
MD5

aaa53526e441d53f6232bc6e21721dd6
SHA1

d3bbc5cf778c50f0bcfcda1bdb5be63a48c77141
SHA256

21d97b5ba446a51df12c2978fc16bec5f618cdb51b6017ec206e33a53fe9e2d5
SHA512

4be1aefc3b3b7ba902d253fc9721d50f4348d93b1ea07b696ffe4b1fa44cdaaf06283ad4476eb117b1123e0f554d8c17215c77eaf02ed93e8a5d0854c345f07c
SSDEEP

6144:76FXM5l3+0i+yW8+FwspGIIJBNEp6D7nomVhyVKua0t0V0tOPIZchM:76Q3+b+yWyNJBNe6/nomDUKuXt0896M

Score

10^/10

remcos 22033

Malware Config

Extracted

Family

remcos

Botnet

22033

C2

195.54.170.36:22033

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
%VR^&bty-4RZCYZ
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  b70b84b7e75e40868fcefebdc5da896e2ecdbfbb2848cdf1ea90ac4fc1926c63.exe
- Size
  
  485KB
- MD5
  
  02a54443f76eee449db229fcea8ba4c0
- SHA1
  
  6c9eb9c2a0bdee9888f697668850dc49c011bc5f
- SHA256
  
  b70b84b7e75e40868fcefebdc5da896e2ecdbfbb2848cdf1ea90ac4fc1926c63
- SHA512
  
  85db5fc4b4cb557493563110163bc12cef30d19cc7f414907b46d9991b0372ca5095913c921873250b5382c0f6248ca74cb11c0a763b566d79ecdcbe143ec025
- SSDEEP
  
  6144:OXIktXfM8Lv86r9uVWAa2je4Z5zl4hgDHQQs4NTQjoHFsAOZZKAXXcN35GvS:OX7tPMK8ctGe4Dzl4h2QnuPs/ZKXcvS
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2