remcos | 243f20cdb380369765796622e2e568de540cc470400cf5b0330e132e1702cd75 | Triage

Submit
Reports

Overview

overview

Static

static

3

243f20cdb3...75.exe

windows7-x64

243f20cdb3...75.exe

windows10-2004-x64

Sharing

General

Target

243f20cdb380369765796622e2e568de540cc470400cf5b0330e132e1702cd75.exe
Size

3.0MB
Sample

240626-bgc57aveka
MD5

8afc7110cee6735ab8101a03907c5cf5
SHA1

87540c6442a4cc85ae93b160b91990147effb0db
SHA256

243f20cdb380369765796622e2e568de540cc470400cf5b0330e132e1702cd75
SHA512

206e28d5c483c1e3db5911cd1f2a16c718aaf365d1d4fa49b6fc199ec89ec8d9f06d7193f4b6271899a606977a5422516d4fae7192c298f9b37f524d9a2944fc
SSDEEP

24576:dNb8/3PJ2th3kWD19Q0eWCyOgKitufPYqOaM4T:/q/ctFkWDDQ7pBi8fPY6

Score

10^/10

remcos gp rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

243f20cdb380369765796622e2e568de540cc470400cf5b0330e132e1702cd75.exe

Resource

win7-20240508-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

243f20cdb380369765796622e2e568de540cc470400cf5b0330e132e1702cd75.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

remcos

Botnet

GP

C2

bossnacarpet.com:30902

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
chrome-G5E7BM
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  243f20cdb380369765796622e2e568de540cc470400cf5b0330e132e1702cd75.exe
- Size
  
  3.0MB
- MD5
  
  8afc7110cee6735ab8101a03907c5cf5
- SHA1
  
  87540c6442a4cc85ae93b160b91990147effb0db
- SHA256
  
  243f20cdb380369765796622e2e568de540cc470400cf5b0330e132e1702cd75
- SHA512
  
  206e28d5c483c1e3db5911cd1f2a16c718aaf365d1d4fa49b6fc199ec89ec8d9f06d7193f4b6271899a606977a5422516d4fae7192c298f9b37f524d9a2944fc
- SSDEEP
  
  24576:dNb8/3PJ2th3kWD19Q0eWCyOgKitufPYqOaM4T:/q/ctFkWDDQ7pBi8fPY6
Score

10^/10

remcos gp rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
- Detects executables packed with or use KoiVM
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy