remcos | 6bd66761e556db0e54a92d313facc2b6e37b37343aefad922a9804a8a198f02c

Analysis

max time kernel
300s
max time network
300s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
07/06/2024, 00:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6bd66761e556db0e54a92d313facc2b6e37b37343aefad922a9804a8a198f02c.exe
Size

488KB
MD5

beb4d025d816845f5092dca8667a0a69
SHA1

c0466e076485419791d534f84045c312e193cc0b
SHA256

6bd66761e556db0e54a92d313facc2b6e37b37343aefad922a9804a8a198f02c
SHA512

d874ef77a52abd97476b1f2c19a8b8337f9c2058ae35e21c0bf167580e46f59d10900af2043da48b68ba600e7b9bf8a0c6caad6460becb25cd51da6ae7b28379
SSDEEP

12288:mqsl/2D9H+9BSS9+wB4sT23D4aqpgGoDRnXEIsP0MUVWrLteQ:i925+9Bv9+xU23EaqKG8JscMUsrpeQ

Score

10^/10

remcos may devotion 2024 rat

Malware Config

Extracted

Family

remcos

Botnet

MAY DEVOTION 2024

pentester0.accesscam.org:56796

archived.zapto.org:56797

honeypotresearchteam.duckdns.org:13922

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
wetransfer.exe
copy_folder
wetransfer
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
wetransfer
mouse_option
false
mutex
wetransfer-F4RIT7
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Signatures

Remcos
Remcos is a closed-source remote control and surveillance software.
rat remcos

C:\Users\Admin\AppData\Local\Temp\6bd66761e556db0e54a92d313facc2b6e37b37343aefad922a9804a8a198f02c.exe
"C:\Users\Admin\AppData\Local\Temp\6bd66761e556db0e54a92d313facc2b6e37b37343aefad922a9804a8a198f02c.exe"
1⤵
PID:1996

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1996-0-0x0000000000590000-0x0000000000615000-memory.dmp

Filesize
532KB

Download
memory/1996-1-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/1996-2-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/1996-3-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/1996-6-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/1996-7-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/1996-8-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/1996-11-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/1996-12-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/1996-15-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/1996-16-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/1996-19-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/1996-20-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/1996-23-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/1996-24-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/1996-27-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/1996-28-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/1996-32-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/1996-36-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/1996-37-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/1996-40-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/1996-41-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/1996-45-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/1996-48-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/1996-49-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/1996-52-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/1996-53-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/1996-57-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/1996-60-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/1996-61-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads