remcos | d40643b29fd2c4bc681b76ba6a2b1a4f34be0a6c5862a7660a119b072f3fa06c | Triage

Submit
Reports

Overview

overview

Static

static

7

1f75782173...88.exe

windows7-x64

7

1f75782173...88.exe

windows10-2004-x64

Sharing

General

Target

989054c5af86019ccfa32642ae628639.bin
Size

758KB
Sample

240821-byzeraxdml
MD5

40425ce36fc2ce5c75cb646656c356df
SHA1

4c27028342a2eb5e572848bd094af8c1ec13486e
SHA256

d40643b29fd2c4bc681b76ba6a2b1a4f34be0a6c5862a7660a119b072f3fa06c
SHA512

622970cee19402ec5556701f3ba83df7c1ad97847e24adde43286a1e83b9fbfbe6359319f4f7465e2ec61f8cf1cc30d323487e52973c3e63f4b268824045a4be
SSDEEP

12288:A+gPiS/fNGV6UxxjL+zU9Rz4AmvvHv6YdF7SGjHphZQtl4yYpqiExEgmCyjYQE84:EzNGV6UxxGzy4Amv/5/u2HGGz3ESBzk

Score

10^/10

remcos remotehost discovery rat upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

1f75782173ef3b1b68650a95b7846bb35faa400d53b52fc1ad8b65a86bc72c88.exe

Resource

win7-20240705-en

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

1f75782173ef3b1b68650a95b7846bb35faa400d53b52fc1ad8b65a86bc72c88.exe

Resource

win10v2004-20240802-en

remcos remotehost discovery rat upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

remcos

Botnet

RemoteHost

C2

107.175.229.139:8823

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-2BGC0K
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  1f75782173ef3b1b68650a95b7846bb35faa400d53b52fc1ad8b65a86bc72c88.exe
- Size
  
  768KB
- MD5
  
  989054c5af86019ccfa32642ae628639
- SHA1
  
  5fe55707a4eebd51723ea950aa80d3a49e810207
- SHA256
  
  1f75782173ef3b1b68650a95b7846bb35faa400d53b52fc1ad8b65a86bc72c88
- SHA512
  
  401e5f2508ddc81d24047cbf707f35c121fcc07c9e2be6f477175ee275e970a52e0aedb905ce0ca026645477d4b89dfb989dc9361302c037d632d67fe3e128d9
- SSDEEP
  
  12288:oYV6MorX7qzuC3QHO9FQVHPF51jgcHJqOhTbYQ270cUq+rMxw0GakFQjIE8xQPPK:HBXu9HGaVHH75bYjVM1T4M3aCjpn7
Score

10^/10

discovery upx remcos remotehost rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

remcosremotehostdiscoveryratupx

© 2018-2025

Terms | Privacy