General

  • Target

    c05d634d51542921796702112f1b7c8aabbaa9845eb4f26d3dffcb3bb2dfb160.exe

  • Size

    1.0MB

  • Sample

    240720-nyscnasdrc

  • MD5

    10b99ae3961639d027f2ddcbe375856a

  • SHA1

    ea79a736a00605dcde9c75ea879e1be3dc8ac29f

  • SHA256

    c05d634d51542921796702112f1b7c8aabbaa9845eb4f26d3dffcb3bb2dfb160

  • SHA512

    0b6347989bf14eee56f66fc743206f5f14cd3401b60021b1c1fcec61e206ca01e5c104ad59c85822e09181da2ca961ab96c16e519c2a0927f17811eb15cef1e5

  • SSDEEP

    24576:K+1bAypccuIxEDN4BHbgy7hlqU1dw3zknPTxd8DByWrs2N:TVOcHxEDN4R7vr1G3zknPTxmlyWrs

Score
10/10

Malware Config

Extracted

Family

remcos

Botnet

henchnewfile

C2

91.223.3.151:4508

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    Rmc-8DZ5LO

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Targets

    • Target

      c05d634d51542921796702112f1b7c8aabbaa9845eb4f26d3dffcb3bb2dfb160.exe

    • Size

      1.0MB

    • MD5

      10b99ae3961639d027f2ddcbe375856a

    • SHA1

      ea79a736a00605dcde9c75ea879e1be3dc8ac29f

    • SHA256

      c05d634d51542921796702112f1b7c8aabbaa9845eb4f26d3dffcb3bb2dfb160

    • SHA512

      0b6347989bf14eee56f66fc743206f5f14cd3401b60021b1c1fcec61e206ca01e5c104ad59c85822e09181da2ca961ab96c16e519c2a0927f17811eb15cef1e5

    • SSDEEP

      24576:K+1bAypccuIxEDN4BHbgy7hlqU1dw3zknPTxd8DByWrs2N:TVOcHxEDN4R7vr1G3zknPTxmlyWrs

    Score
    10/10
    • Remcos

      Remcos is closed-source remote control and surveillance software.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks