remcos | 5f8edf465a52b81e0c048dc42f4b975bdf7a3e8a77e1677b52793422b12e7d90 | Triage

Submit
Reports

Overview

overview

Static

static

1716402727...ed.exe

windows7-x64

9

1716402727...ed.exe

windows10-2004-x64

Sharing

General

Target

17164027273924b1df179f71bcdb4f6ddb0b6e02da51a5acba32646b7f91c4ab7945caaa21327.dat-decoded.exe
Size

483KB
Sample

240522-w665sacb2w
MD5

59efc1091f942da11955f59541eb8362
SHA1

849d9ffefa30dc439809c4bdf1c1440159d39fe4
SHA256

5f8edf465a52b81e0c048dc42f4b975bdf7a3e8a77e1677b52793422b12e7d90
SHA512

e988c07b70bd14e68872db122c5743f530f88085587a261d188a905848bb2b51b15f52c8c02b4592233af3c5dd7461515bc7b5e78bba172c8a15ef5d0a84ceee
SSDEEP

6144:2XIktXfM8Lv86r9uVWAa2je4Z5zl4hgDHQQs4NTQjoHFsAOZZDAXYcNX5Gv:2X7tPMK8ctGe4Dzl4h2QnuPs/ZDGcv

Score

10^/10

remcos new collection rat spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

17164027273924b1df179f71bcdb4f6ddb0b6e02da51a5acba32646b7f91c4ab7945caaa21327.dat-decoded.exe

Resource

win7-20240508-en

collection spyware stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

17164027273924b1df179f71bcdb4f6ddb0b6e02da51a5acba32646b7f91c4ab7945caaa21327.dat-decoded.exe

Resource

win10v2004-20240508-en

remcos new collection rat spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

remcos

Botnet

New

C2

hoacanhceramic.com:14782

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-4X155W
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  17164027273924b1df179f71bcdb4f6ddb0b6e02da51a5acba32646b7f91c4ab7945caaa21327.dat-decoded.exe
- Size
  
  483KB
- MD5
  
  59efc1091f942da11955f59541eb8362
- SHA1
  
  849d9ffefa30dc439809c4bdf1c1440159d39fe4
- SHA256
  
  5f8edf465a52b81e0c048dc42f4b975bdf7a3e8a77e1677b52793422b12e7d90
- SHA512
  
  e988c07b70bd14e68872db122c5743f530f88085587a261d188a905848bb2b51b15f52c8c02b4592233af3c5dd7461515bc7b5e78bba172c8a15ef5d0a84ceee
- SSDEEP
  
  6144:2XIktXfM8Lv86r9uVWAa2je4Z5zl4hgDHQQs4NTQjoHFsAOZZDAXYcNX5Gv:2X7tPMK8ctGe4Dzl4h2QnuPs/ZDGcv
Score

10^/10

collection spyware stealer remcos new rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

collectionspywarestealer

behavioral2

remcosnewcollectionratspywarestealer

© 2018-2024

Terms | Privacy