remcos | c9a78ca75655d3e311883ec93cabfc01f9b11d73fe661c3434e2fd7edf84ca79 | Triage

Sharing

General

Target

0866ee72c32ac609c4c2cf6a1cfeb415.exe.zip
Size

1.6MB
Sample

241002-r65jqssbjm
MD5

0daeac830080429e530e5e3a3dd3b927
SHA1

c1b5c6bc1c2f0857c1e46587e03e1916140905ec
SHA256

c9a78ca75655d3e311883ec93cabfc01f9b11d73fe661c3434e2fd7edf84ca79
SHA512

95a9a3260fafec3a390e2880f66fdd66f8dd316bb0e286e0323774f86b90b14fff784d6bd6b2c750cdb1a5aaeb0b5ded7c41ed44cb954cf5f65ad246e1b0e319
SSDEEP

12288:aNP3iivIK2gpqHJxDrMTvQjd9M+dkCdoypZ8PENweoHR:iqTThHvDrEvQjd95ajypDwlR

Score

10^/10

remcos aldolar discovery rat

Malware Config

Extracted

Family

remcos

Botnet

ALDOLAR

C2

panel2.con-ip.com:1993

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-35UFD7
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  0866ee72c32ac609c4c2cf6a1cfeb415.exe
- Size
  
  1024.0MB
- MD5
  
  f464cb2a198a751151a07d1790aec658
- SHA1
  
  bfc0c139d4d45ef94b3042e86695e516d7445262
- SHA256
  
  9f3b02a6099ce5cf04411920f20f7b255c3a9e085e6f28f3222e56b1405c83ea
- SHA512
  
  8d24576f2c6cfce3a113357128fa159bb2595eda765d85a88e49f262beb6b633d62eb242af41662a6c2683e83edaf070dfb6365f89c88cc5233cd8d5315c62fe
- SSDEEP
  
  12288:IPYQinsK2GZCHdxjrMvvMDd9k+Xkk3oy5dOpELw0ccDe:IPXXT/HLjrKvMDd9R0ly53wr
Score

10^/10

remcos aldolar discovery rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcosaldolardiscoveryrat

behavioral2

remcosaldolardiscoveryrat