remcos | 48bc32a1d2d84b7c3f61d1839972c2d36b14d3ab30270cad4cbb4d3b04205407 | Triage

Submit
Reports

Overview

overview

Static

static

5

MalwareBazaar.exe

windows7-x64

MalwareBazaar.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

MalwareBazaar.3
Size

1.3MB
Sample

240722-zxmassydpj
MD5

b30be2bc141cfd8968a7a04c9829f9e6
SHA1

b34742a5ccae99ca650eb7b9b15e8e709a5a0e09
SHA256

48bc32a1d2d84b7c3f61d1839972c2d36b14d3ab30270cad4cbb4d3b04205407
SHA512

a272dc996e320df1d7b4f58274ce8ed3e9e94bc0c6eaaab543b6620014f745307ee4e7ba32dcbfca380a9f488f2849ada24bbe5805015b3a6c8afd313bb8432d
SSDEEP

24576:wAHnh+eWsN3skA4RV1Hom2KXMmHamxu8cYi4BzzaYOiNvKGW5:nh+ZkldoPK8YamxBcY3Bfa0Ny3

Score

10^/10

remcos remotehost rat

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

MalwareBazaar.exe

Resource

win7-20240704-en

remcos remotehost rat

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

MalwareBazaar.exe

Resource

win10v2004-20240704-en

remcos remotehost rat

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

remcos

Botnet

RemoteHost

C2

ocservice.duckdns.org:6622

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
evferf
mouse_option
false
mutex
Rmc-5U6QT9
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  MalwareBazaar.3
- Size
  
  1.3MB
- MD5
  
  b30be2bc141cfd8968a7a04c9829f9e6
- SHA1
  
  b34742a5ccae99ca650eb7b9b15e8e709a5a0e09
- SHA256
  
  48bc32a1d2d84b7c3f61d1839972c2d36b14d3ab30270cad4cbb4d3b04205407
- SHA512
  
  a272dc996e320df1d7b4f58274ce8ed3e9e94bc0c6eaaab543b6620014f745307ee4e7ba32dcbfca380a9f488f2849ada24bbe5805015b3a6c8afd313bb8432d
- SSDEEP
  
  24576:wAHnh+eWsN3skA4RV1Hom2KXMmHamxu8cYi4BzzaYOiNvKGW5:nh+ZkldoPK8YamxBcY3Bfa0Ny3
Score

10^/10

remcos remotehost rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

remcosremotehostrat

behavioral2

remcosremotehostrat

© 2018-2025

Terms | Privacy