remcos | 20e2d25b03051e10abe37c960704bb1b5e24bb5c0f74275e50163f4003410ced | Triage

Sharing

General

Target

20e2d25b03051e10abe37c960704bb1b5e24bb5c0f74275e50163f4003410ced
Size

266KB
Sample

240417-rrae2sdc5z
MD5

abe9370fdb9aed73315a450cd3565b7e
SHA1

dbc7814bef39052882319bee5e3781eb91d7a132
SHA256

20e2d25b03051e10abe37c960704bb1b5e24bb5c0f74275e50163f4003410ced
SHA512

4ed89c80f1d22032b0886b8f4266be81e166ddaa8e3af7438b2883c62e23600c68b6c79215005686e3df1c5ded9fb7312b52998c9993365617e07caf6e321135
SSDEEP

6144:1sTig4UwEETRFOX6P+FLsFMkZOYUZdwTzfGRL8CdtYWwZvEWe:+ikwEETRdq1EWdwTiR4ateBEP

Score

10^/10

remcos 23033

Malware Config

Extracted

Family

remcos

Botnet

23033

C2

188.116.23.142:23033

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
0x0053ffdfdd
keylog_flag
false
keylog_folder
Sysinfo
keylog_path
%AppData%
mouse_option
false
mutex
Rmc-JG5PN4
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  df00f112e25af6405916498f807929598b7fc4840885f5ae55814fb7081518a3.exe
- Size
  
  486KB
- MD5
  
  595852c92f5da87ceb5cc7167f015a72
- SHA1
  
  030c0135d242290af5535c8fd7ceebf70b450b68
- SHA256
  
  df00f112e25af6405916498f807929598b7fc4840885f5ae55814fb7081518a3
- SHA512
  
  5a87d375ab1534daa3b9f1b451d1ef43203b7c6fd2f1b5b7f1cdcef2eae0687e36e84cd470afb48f1d46af9dd39531596d799beaf025cb600f60486f94818db0
- SSDEEP
  
  6144:hXIktXfM8Lv86r9uVWAa2je4Z5zl4hgDHQQs4NTQjoHFsAOZZHAX7cNu5GvL:hX7tPMK8ctGe4Dzl4h2QnuPs/ZHicvL
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2