remcos | 4b7b4c5dd8a884bdf86dd220a8a79f0a0c68535289b9d788e1592263e583c99b | Triage

Sharing

General

Target

d2507dfe5d62ab901599860661f1ac51.exe
Size

7.7MB
Sample

241004-apgmxavbjm
MD5

d2507dfe5d62ab901599860661f1ac51
SHA1

4347cb2ca611dc20ca987ba8ec7eedbecb27a73b
SHA256

4b7b4c5dd8a884bdf86dd220a8a79f0a0c68535289b9d788e1592263e583c99b
SHA512

0cd62add6a2cadb6fca898e939f66c92357d168ba3c316ef519749ceca5d2e1d424a58b5d21234ef5beb13277e21d601e75a85cbc1f94aba95f309300a686332
SSDEEP

98304:TKp5jJ5EVOzW8VrAqZkeNcX3NU3dW2/GSUJWXKtOLXfYxeZVSNbC+vw/qiYl7mxy:TEjJ5TpZkeNctAIJmx0UE6xo

Score

10^/10

remcos xoaoamort discovery persistence rat

Malware Config

Extracted

Family

remcos

Botnet

XOAOAMORT

C2

carroosmfjdjs.con-ip.com:1661

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-BTGK97
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  d2507dfe5d62ab901599860661f1ac51.exe
- Size
  
  7.7MB
- MD5
  
  d2507dfe5d62ab901599860661f1ac51
- SHA1
  
  4347cb2ca611dc20ca987ba8ec7eedbecb27a73b
- SHA256
  
  4b7b4c5dd8a884bdf86dd220a8a79f0a0c68535289b9d788e1592263e583c99b
- SHA512
  
  0cd62add6a2cadb6fca898e939f66c92357d168ba3c316ef519749ceca5d2e1d424a58b5d21234ef5beb13277e21d601e75a85cbc1f94aba95f309300a686332
- SSDEEP
  
  98304:TKp5jJ5EVOzW8VrAqZkeNcX3NU3dW2/GSUJWXKtOLXfYxeZVSNbC+vw/qiYl7mxy:TEjJ5TpZkeNctAIJmx0UE6xo
Score

10^/10

remcos xoaoamort discovery persistence rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcosxoaoamortdiscoverypersistencerat

behavioral2

remcosxoaoamortdiscoverypersistencerat