remcos | 179e3a41944c9d8469fcb991f71098612bb955607b2c89c6cec325ae1722e2eb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

nDETAILS.r11.rar
Size

1.5MB
Sample

240812-nqkmvayhqp
MD5

a48e6d5e95fea37b8ef1592898cde46f
SHA1

212c622bb9e18258e279d553f53955421096c25c
SHA256

179e3a41944c9d8469fcb991f71098612bb955607b2c89c6cec325ae1722e2eb
SHA512

c2ac936b17301f7396f0dffed1692bc3c389db7f8a34e6261ab5c2580a8c081e905ab42897f10027400dc31effffd21ad58b28f123139820546a2ce8de4462ba
SSDEEP

24576:HIBmi8WRZ30HSGXFc2jQJP7Ade2aH8QUnNdMe+T2G69Prt3afxlZDfbJsxE:Cmi9ZoZZUQPW8jee+5uPrgftjP

Score

10^/10

remcos appo discovery rat

Malware Config

Extracted

Family

remcos

Botnet

APPO

C2

pronpostavka.com:2559

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
chrome-EZMR6Q
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  Your file name without extension goes here.exe
- Size
  
  3.3MB
- MD5
  
  c8b35641222f7b9e0527709d4445e195
- SHA1
  
  ae0127dd5c9cdda766df5c019abc915782780023
- SHA256
  
  25570edd9543fd766bece1d4f1b7c74e5587f27d29779a26c9fd321f8fca452a
- SHA512
  
  9f4f7fad60fec1de97c4fe651b22e5c7b821620b1094dac10969dd611e20beee7c38ce21652bfa2a6e906b15fc9f38dafc062686dd12d3c4efd21ad313a6ec44
- SSDEEP
  
  49152:6SXY882hyUdD9+j0CqaUet3v/CYqNowC1JF01jBUH2Y6c1VVyakH96q:XvNotU3aH2Y6c0dL
Score

10^/10

remcos appo discovery rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcosappodiscoveryrat

behavioral2

remcosappodiscoveryrat