remcos | 95b886994ac95993c029c32f1e580306e1aeb07e1ba9ddcfd20b6f93b0942d63 | Triage

Sharing

General

Target

95b886994ac95993c029c32f1e580306e1aeb07e1ba9ddcfd20b6f93b0942d63
Size

36KB
Sample

240419-t7smnshd93
MD5

f15ba6083619a47fe4ee5ae3e8ca921e
SHA1

4970c3d98cec21192f77f98d2219d660616c9ca5
SHA256

95b886994ac95993c029c32f1e580306e1aeb07e1ba9ddcfd20b6f93b0942d63
SHA512

11bab3c3e1bb1d8e8f97796ff807bd7c68bd938a07fc60a391a162b9139c4c46f6c31c46ab51627a0660482dab94e8921e853f26a6b8179a85f2cb67daba8af5
SSDEEP

768:XpgqRP5JlAExWIhLu3O+xRUyMgdOUrES6gCKT4f31tzY6Zperu42RxTw:XpnRPTxXu3OARegHignMf1ts6ZwD

Score

10^/10

remcos remotehost rat

Malware Config

Extracted

Family

remcos

Botnet

RemoteHost

C2

23.95.60.87:8823

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-SYIEJK
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  a32d57511ebc8b2c48fc43e2228b227bfb7eed8b34f9d55cdc9958de86bb64d9.exe
- Size
  
  72KB
- MD5
  
  1ebe49c58035c4521d998e998253260d
- SHA1
  
  7bde1b01007542cef137080ec42e4b2390d99a33
- SHA256
  
  a32d57511ebc8b2c48fc43e2228b227bfb7eed8b34f9d55cdc9958de86bb64d9
- SHA512
  
  dcd50aa0723041ad02509b9aac42b977abc083953158cd84cc8a101f2cc0885304f5a934164826b5a0c319ff0d5210d8833e9d7b7b6c1ad5b63a973e4eae7804
- SSDEEP
  
  768:tiyTdqssLTzWlSrky5qimuGdk2mxXl9fmNNS9VWzIzlBaCAWGiLFTsaBD0pdXRNv:GU0fWzOl5ZTsaBD054S5+cnl
Score

10^/10

remcos remotehost rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

remcosremotehostrat