remcos | 26286ef37a9eba53b1f46820899a14ebb3472b47b8f25f4ce800826ad6551445 | Triage

Sharing

General

Target

26286ef37a9eba53b1f46820899a14ebb3472b47b8f25f4ce800826ad6551445
Size

3.1MB
Sample

240830-nd78da1ekc
MD5

0ec949707e99906b84441162d6cf8663
SHA1

d5c950207379849dbbc9d9ec00a13f60c192e232
SHA256

26286ef37a9eba53b1f46820899a14ebb3472b47b8f25f4ce800826ad6551445
SHA512

12beea010f2dce4f5d1ac0e0833b9f1bc4cac358a56559913600ced4c8bcacbe85f2d2224b81ba8f39b6a1b46fdb8867183a6b925245ef6aa33bf8ae9c205258
SSDEEP

98304:dJnxT3d2Os1/MFHjdW3/B9wjjdt2Z+J9dncsl:dJxzd2OswHMp9+v4g+sl

Score

10^/10

remcos feetfuck discovery rat

Malware Config

Extracted

Family

remcos

Botnet

feetfuck

C2

83.222.191.201:24251

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-XTJ1YO
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  Newfts.exe
- Size
  
  2.1MB
- MD5
  
  db7e67835fce6cf9889f0f68ca9c29a9
- SHA1
  
  5565afda37006a66f0e4546105be60bbe7970616
- SHA256
  
  dbd3057a58fd3407c95418bc5d9c253adc8c658ee338f22d58374ed3ea37b738
- SHA512
  
  bc2714bb408715e5e1cec1337b831e26dbda208183955a07ec8653a38c9c0f25f60f333a154b738927ce085e7bbff438963b941a6c2773b3e7325cd900e7651b
- SSDEEP
  
  24576:LvknONWhX+nZQMcPCxOlw5etZhfAgBbBEjGf4JNhy4BPQ6MwWTbVTJBrMHACgUBh:nSXUZBP5eDxAg1z4Dhy4ZMdTJTJBrs7
Score

10^/10

remcos feetfuck discovery rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  ProductStatistics3.dll
- Size
  
  1.1MB
- MD5
  
  59c15c71fd599ff745a862d0b8932919
- SHA1
  
  8384f88b4cac4694cf510ca0d3f867fd83cc9e18
- SHA256
  
  c4ed07ad748661ce776ac6ebb4f8bef7619586bfb4443ce58c92d4b889f3d5c2
- SHA512
  
  be3425d55dcaa361bc8481b87b2086454baca79a3c948de9acf9ef7d3084d6d987c328d665b45dfcd0510e2c97c980aa63d7cd669fe9fc1a67983c325593481e
- SSDEEP
  
  12288:FkF9eUYJLwxwp//gGWFgYeGU8eUSq8HPi0xaf1Go4fDqarPk/BX2xtWG8888888q:yH5YJLWwp//iFgYhMS0sfJ4fDnrPm94
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  RegisterIdr.dll
- Size
  
  1.4MB
- MD5
  
  6fdb2e9ca6b7a5ad510e2b29831e3bc8
- SHA1
  
  4a14ee9d5660eb271a6b5f18a55ac3e05f952c68
- SHA256
  
  f510c85b98fa6fe8d30133114a34b7f77884aa58e57a0561722eeb157dc98a38
- SHA512
  
  d5248dd902d862afa060ab829fc3a39dccc26dab37737e14a3f9b90b1d3f900b3bf5821f450502a2124016acf0e84bd8979758827a92741f879b2fa4addfda06
- SSDEEP
  
  24576:BZKyPoPJJ8L8CrOT1p8XLTjNjEAVFodCG1BoaS9Q5aiy42jaiV1NwuM/uVcvTTGN:WoL8C6TeqjZ1BoFAYagbMGyvTT
Score

3^/10

discovery
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcosfeetfuckdiscoveryrat

behavioral2

remcosfeetfuckdiscoveryrat

behavioral3

behavioral4

behavioral5

behavioral6