General

  • Target: bf0544c92b379c01615e44f645578572e2bdcc966c5125b1198e5d2c118f277e.zip
  • Size: 866KB
  • Sample: 240904-hz3xwsxfkg
  • MD5: 57ed22b15518fc4ec3aa91433c3a7dab
  • SHA1: ed2dc82c42cee625bf1cf4f57f092be4b1d0dc86
  • SHA256: 15009b7486ce6a2ed0f1f0ebcccce1a16238fe2a439b3348a3dc2a68c903759f
  • SHA512: f71073a3d3dad60529c5c17a3e403f899496668e6c6a59f516f1a272a8ba6cdd1ca42036c627260b47281f834dc76b6fdbb807fca44de3afd96b97806fa9404b
  • SSDEEP: 24576:Scv+1hdTSKdQfIF7lDwelSewbZCkl1MJJQEOH1KGt:SrbbeQZD7lzxksJG/V5t

Malware Config

Extracted

  • Family: remcos
  • Botnet: RemoteHost
  • C2: 154.216.18.216:2404

Attributes

  • audio_folder: MicRecords
  • audio_record_time: 5
  • connect_delay: 0
  • connect_interval: 1
  • copy_file: remcos.exe
  • copy_folder: Remcos
  • delete_file: false
  • hide_file: false
  • hide_keylog_file: false
  • install_flag: false
  • keylog_crypt: false
  • keylog_file: logs.dat
  • keylog_flag: false
  • keylog_folder: remcos
  • mouse_option: false
  • mutex: Rmc-7K8JAD
  • screenshot_crypt: false
  • screenshot_flag: false
  • screenshot_folder: Screenshots
  • screenshot_path: %AppData%
  • screenshot_time: 10
  • take_screenshot_option: false
  • take_screenshot_time: 5

Targets

  • Target: bf0544c92b379c01615e44f645578572e2bdcc966c5125b1198e5d2c118f277e.exe
  • Size: 1.3MB
  • MD5: c4fece311d6ad36ec3f85fcded890197
  • SHA1: 7494644e33239d3668728571dfda2d786c96a04e
  • SHA256: bf0544c92b379c01615e44f645578572e2bdcc966c5125b1198e5d2c118f277e
  • SHA512: c5caed981f8a874a25af9b6aba0e0671670917c80ff149c96e501e10977b6f8e6719d8485fa4f562f61149cca9a7339771c1c1c1154fcc603fc65ce53419ae8f
  • SSDEEP: 24576:UAHnh+eWsN3skA4RV1Hom2KXMmHa7MnFfmMlwG07QFL+SEI5:jh+ZkldoPK8Ya7IFfmMc7QTP

Signatures

  • Remcos: Remcos is a closed-source remote control and surveillance software.
  • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
