Analysis
max time kernel
298s
max time network
293s
platform
windows7_x64
resource
win7-20240903-en
resource tags
arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
submitted
05-10-2024 21:40
Behavioral task
behavioral1
Sample
remcos_a.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral2
Sample
remcos_a.exe
Resource
win7-20240903-en
Behavioral task
behavioral3
Sample
remcos_a.exe
Resource
win10-20240404-en
Behavioral task
behavioral4
Sample
remcos_a.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
remcos_a.exe
Resource
win11-20240802-en
General
Target
remcos_a.exe
Size
429KB
MD5
d326632e1d027013114bb958480e95a2
SHA1
10166c50d433cc0f8f58029adb440478729e9fef
SHA256
ae796ccd550f13ec200f3f85cd6b74bbe4ec5dc340433df02ac5ae31abae292e
SHA512
4c8da9780cf7a330886847f791d9e4946636b7b649941121082740331bd17283d23b9931202d4be91fe54ecd069a8f16ea74b51f873e2164c4adb85e281cf63f
SSDEEP
6144:SvRscHtVzjwIRFzJZ2p26+jFWXYnj9iT2ebvXmUcCqkmAO2rjXH7ycDN3:SvRs4OIm2hWX4U2ebvRUAr7733
Malware Config
Signatures
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes: remcos_a.exe
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
process: remcos_a.exe
Suspicious use of FindShellTrayWindow 1 IoCs
Processes: remcos_a.exe
pid: 1624
process: remcos_a.exe
Suspicious use of SendNotifyMessage 1 IoCs
Processes: remcos_a.exe
pid: 1624
process: remcos_a.exe