remcos | 18f679a41695816dc45091ee43ebb682ffc901a09211548cada55ea87f79bc84 | Triage

Sharing

General

Target

18f679a41695816dc45091ee43ebb682ffc901a09211548cada55ea87f79bc84.exe
Size

1.0MB
Sample

240719-rjx65sydpa
MD5

f05b622dbbeb704b86e92ece36642603
SHA1

9758ff27aac55270d1b94c763dc2a5af206d935c
SHA256

18f679a41695816dc45091ee43ebb682ffc901a09211548cada55ea87f79bc84
SHA512

310f44c8bdb52eab8a7de9c28df5d82e5d70d65869ed5df1b91b260dc072059fe611abb9068790772845fb38ec19fa2e6b5b56d62ad77836175628115ae1ab4e
SSDEEP

24576:k9r+1bAypclLvMgRwnVwkg3mBz8yWJcoOicOfj3P06NoGPt:PVOlbRky3mBz8yaBOcs6jt

Score

10^/10

remcos evansnewfile rat

Malware Config

Extracted

Family

remcos

Botnet

evansnewfile

C2

91.223.3.151:4508

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-P7R5ZY
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  18f679a41695816dc45091ee43ebb682ffc901a09211548cada55ea87f79bc84.exe
- Size
  
  1.0MB
- MD5
  
  f05b622dbbeb704b86e92ece36642603
- SHA1
  
  9758ff27aac55270d1b94c763dc2a5af206d935c
- SHA256
  
  18f679a41695816dc45091ee43ebb682ffc901a09211548cada55ea87f79bc84
- SHA512
  
  310f44c8bdb52eab8a7de9c28df5d82e5d70d65869ed5df1b91b260dc072059fe611abb9068790772845fb38ec19fa2e6b5b56d62ad77836175628115ae1ab4e
- SSDEEP
  
  24576:k9r+1bAypclLvMgRwnVwkg3mBz8yWJcoOicOfj3P06NoGPt:PVOlbRky3mBz8yaBOcs6jt
Score

10^/10

remcos evansnewfile rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

remcosevansnewfilerat