remcos | a766332dd4b26a623e341d03845c394209dedc3557d7bbb3c6a2edeeb9eadbeb | Triage

Sharing

General

Target

e1719ee53cad171914f93ac0fe8b4fa2_JaffaCakes118
Size

186KB
Sample

240915-by7q5ayfjh
MD5

e1719ee53cad171914f93ac0fe8b4fa2
SHA1

e54a178ba5fa279a9e3e863d227ca812212165dd
SHA256

a766332dd4b26a623e341d03845c394209dedc3557d7bbb3c6a2edeeb9eadbeb
SHA512

e8f5eb916c75e4d7d1dc2002e68196d50ca7ac725732573a321e42f454929dde355eb8b43af06b0471d8009511c9ac4101302ac246c967898c2cd4a385c46908
SSDEEP

3072:BpVHfZQmr9E38gcCgoQZZw6RyP6dpVDYokEv3bbZC1xNfLG:Bp2ACzQfw6yspFYokEv3bbqxNz

Score

10^/10

remcos remotehost discovery rat

Malware Config

Extracted

Family

remcos

Version

2.0.5 Pro

Botnet

RemoteHost

C2

79.172.242.28:2404

Attributes

audio_folder
audio
audio_path
%AppData%
audio_record_time
5
connect_delay
0
connect_interval
5
copy_file
remcos.exe
copy_folder
remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
install_path
%AppData%
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
keylog_path
%AppData%
mouse_option
false
mutex
Remcos-NPFNIR
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
remcos
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  e1719ee53cad171914f93ac0fe8b4fa2_JaffaCakes118
- Size
  
  186KB
- MD5
  
  e1719ee53cad171914f93ac0fe8b4fa2
- SHA1
  
  e54a178ba5fa279a9e3e863d227ca812212165dd
- SHA256
  
  a766332dd4b26a623e341d03845c394209dedc3557d7bbb3c6a2edeeb9eadbeb
- SHA512
  
  e8f5eb916c75e4d7d1dc2002e68196d50ca7ac725732573a321e42f454929dde355eb8b43af06b0471d8009511c9ac4101302ac246c967898c2cd4a385c46908
- SSDEEP
  
  3072:BpVHfZQmr9E38gcCgoQZZw6RyP6dpVDYokEv3bbZC1xNfLG:Bp2ACzQfw6yspFYokEv3bbqxNz
Score

10^/10

remcos remotehost discovery rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcosremotehostdiscoveryrat

behavioral2

remcosremotehostdiscoveryrat