General

  • Target

    dfe6514d51d5b43c46230cc039418749de173cefaf075b6e4bf096688c7791c5

  • Size

    909KB

  • Sample

    240417-rz89cadh3y

  • MD5

    70eacb9f858b85af13db1601796f5d6f

  • SHA1

    cc29a6af87cb592897ec0eec6d1b24da851bc4f9

  • SHA256

    dfe6514d51d5b43c46230cc039418749de173cefaf075b6e4bf096688c7791c5

  • SHA512

    a52092aac8815a7f30d177ee5f2c124b4112cd5d3ac37b89df644f23900ee03d6915d06b4715fae060f774e64b3d5b8aaa331433bce516d9cc03eebdf5cff4f6

  • SSDEEP

    24576:hHCK0iS1zLPGddCRff5sM1luhUHoyXnOMHt9WlHC+v:NCKevG8JfCMoUHBXnklHCy

Score
10/10

Malware Config

Extracted

Family

remcos

Botnet

DESK

C2

198.27.121.194:2024

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    Rmc-EQJXDT

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5
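The extracted attributes above are what a responder would turn into hunt logic: the C2 socket, the install copy (copy_folder\copy_file), the keylog file and the mutex. Two caveats before doing so: install_flag, keylog_flag and screenshot_flag are all false in this build, so the copy and log paths may never be written on a host, and the mutex is a handle-table artifact that endpoint telemetry usually does not record. The block below is an added example written for this page, not code from the sandbox or from the Remcos project: it derives match rules from the config values shown above and runs them over a handful of hand-constructed Sysmon-style records (event ID 1 process create, 3 network connect, 11 file create). The victim paths, the schtasks.exe command line (assumed as the usual T1053 mechanism; the page does not show the command this sample issues) and the function names are all assumptions.

```python
import re

# Values copied from the extracted Remcos config on this page.
REMCOS_CONFIG = {
    "c2": ("198.27.121.194", 2024),
    "copy_folder": "Remcos",
    "copy_file": "remcos.exe",
    "keylog_folder": "remcos",
    "keylog_file": "logs.dat",
    "mutex": "Rmc-EQJXDT",      # not matched below: no Sysmon event carries mutex names
    "install_flag": False,      # copy/keylog paths may never appear with this build
    "keylog_flag": False,
}


def _path_tail_matches(path, folder, name):
    """True if path ends in <folder>\\<name> (case-insensitive, either slash).
    Matching on the tail rather than a full path avoids guessing how the
    implant expanded %AppData% on a given host."""
    parts = re.split(r"[\\/]", path.lower())
    return len(parts) >= 2 and parts[-2] == folder.lower() and parts[-1] == name.lower()


def build_rules(cfg):
    """Turn config values into (rule name, predicate over one event) pairs."""
    ip, port = cfg["c2"]
    return [
        ("remcos_c2_connection",
         lambda e: e["EventID"] == 3
         and e.get("DestinationIp") == ip
         and int(e.get("DestinationPort", 0)) == port),
        ("remcos_install_copy",
         lambda e: e["EventID"] == 11
         and _path_tail_matches(e.get("TargetFilename", ""), cfg["copy_folder"], cfg["copy_file"])),
        ("remcos_keylog_file",
         lambda e: e["EventID"] == 11
         and _path_tail_matches(e.get("TargetFilename", ""), cfg["keylog_folder"], cfg["keylog_file"])),
        # Assumption: schtasks.exe /create is how the T1053 entry in the matrix
        # would show up in process telemetry; the page does not show the command.
        ("scheduled_task_create",
         lambda e: e["EventID"] == 1
         and "schtasks" in e.get("Image", "").lower()
         and "/create" in e.get("CommandLine", "").lower()),
    ]


def hunt(events, cfg=REMCOS_CONFIG):
    """Return [(event index, rule name)] for every event matching a rule."""
    hits = []
    for i, ev in enumerate(events):
        for name, pred in build_rules(cfg):
            if pred(ev):
                hits.append((i, name))
    return hits


# Constructed Sysmon-style events for the example; not real telemetry.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": 'schtasks /create /sc minute /mo 1 /tn "Updater" '
                    '/tr "C:\\Users\\v\\AppData\\Roaming\\Remcos\\remcos.exe"'},
    {"EventID": 11, "Image": r"C:\Users\v\Desktop\invoice.exe",
     "TargetFilename": r"C:\Users\v\AppData\Roaming\Remcos\remcos.exe"},
    {"EventID": 11, "Image": r"C:\Users\v\AppData\Roaming\Remcos\remcos.exe",
     "TargetFilename": r"C:\Users\v\AppData\Roaming\remcos\logs.dat"},
    {"EventID": 3, "Image": r"C:\Users\v\AppData\Roaming\Remcos\remcos.exe",
     "DestinationIp": "198.27.121.194", "DestinationPort": "2024"},
    # Same IP, different port: the C2 rule requires both, so no hit.
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationIp": "198.27.121.194", "DestinationPort": "443"},
    # Right file name, wrong parent folder: no hit.
    {"EventID": 11, "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Users\v\Downloads\remcos.exe"},
]


if __name__ == "__main__":
    for idx, rule in hunt(SAMPLE_EVENTS):
        print(f"event {idx}: {rule}")
```

The C2 rule deliberately requires the port as well as the address; when hunting more broadly (the same host may be reused on other ports by other builds), drop the port check and accept the extra triage. The scheduled-task rule is not config-derived at all, it comes from the ATT&CK mapping, so expect it to fire on legitimate administration as well and pair it with the install-copy path before escalating.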

Targets

    • Target

      d5bc991d8b0e51e45a1b9b9baa71dda7f7dfd8e769e3a641d0cda1077bd01b04.exe

    • Size

      989KB

    • MD5

      7e2567feb06347258efd3722683a8cee

    • SHA1

      f9d174070758ad9bafb3598f24495d47ecee936d

    • SHA256

      d5bc991d8b0e51e45a1b9b9baa71dda7f7dfd8e769e3a641d0cda1077bd01b04

    • SHA512

      6e2d804b45b81ddb42590ce2ee8fc82553906d75fff1091712fa36cada76b236a6c47cd2ad54d3efeb6c056a9be0478ba1f35ec543bbc777917b46ea263f2375

    • SSDEEP

      24576:KMr8bshYpK2r0L05CQAeqKML9eT9qrTInWKraA:zwbYtL05lAeHMLstNr

    Score
    10/10
    • Remcos

      Remcos is closed-source remote control and surveillance software, sold commercially as an administration tool and widely abused as a remote access trojan. The values under Malware Config above are the operator-supplied build settings (C2 host, botnet ID, install, keylog and screenshot options) recovered from this sample.

    • Suspicious use of SetThreadContext (a step commonly seen in process hollowing; the ATT&CK matrix below does not carry a corresponding T1055 Process Injection entry, so read the matrix as a lower bound on observed behaviour)

MITRE ATT&CK Matrix (ATT&CK v13)

Execution
    Scheduled Task/Job, T1053 (1 match)

Persistence
    Scheduled Task/Job, T1053 (1 match)

Privilege Escalation
    Scheduled Task/Job, T1053 (1 match)

Discovery
    System Information Discovery, T1082 (1 match)

Tasks