General

  • Target: 3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12
  • Size: 1.4MB
  • Sample: 240821-msnxlstfla
  • MD5: a7d556fe55e0e65a90ae6736f8b5b2ef
  • SHA1: 8515062d32f240af1e1a30de58eaa9dc9010eff2
  • SHA256: 3586e5e3fdaa6b183e26aa6cf314db1143b1fc128d753fc712fa2eb3b3447b12
  • SHA512: e05b9a3dc6e2a0f77d748bf75977e0924c1a5f532418baa923d0428fd3657cb197855ff79f7c86ebd52c4d8a69b4456142b46eb78c035424ef79f052e6838a7e
  • SSDEEP: 24576:ZqDEvCTbMWu7rQYlBQcBiT6rprG8aAyGyH4ImIbDA1p4nHdPf:ZTvC/MTQYxsWR7aAy/BmRH4H9

Malware Config

Extracted

  • Family: remcos
  • Botnet: RemoteHost
  • C2: 23.95.235.18:2557

Attributes

  • audio_folder: MicRecords
  • audio_record_time: 5
  • connect_delay: 0
  • connect_interval: 1
  • copy_file: remcos.exe
  • copy_folder: Remcos
  • delete_file: false
  • hide_file: false
  • hide_keylog_file: false
  • install_flag: false
  • keylog_crypt: false
  • keylog_file: logs.dat
  • keylog_flag: false
  • keylog_folder: remcos
  • mouse_option: false
  • mutex: Rmc-E0JKXE
  • screenshot_crypt: false
  • screenshot_flag: false
  • screenshot_folder: Screenshots
  • screenshot_path: %AppData%
  • screenshot_time: 10
  • take_screenshot_option: false
  • take_screenshot_time: 5

Targets

    • Remcos

      Remcos is closed-source remote control and surveillance software.
