remcos | 9ada42b89ff4044fd6860e05e72e4dd35cf282924ffdd211ea6214d52191f2e9 | Triage

Sharing

General

Target

2ae8858f2387eb283387e524d9916291.exe
Size

5.1MB
Sample

241007-xqpq8s1hkl
MD5

2ae8858f2387eb283387e524d9916291
SHA1

79aa7560b375a1b32cc969ccc8f55dc2de770d7a
SHA256

9ada42b89ff4044fd6860e05e72e4dd35cf282924ffdd211ea6214d52191f2e9
SHA512

ae9806a0d09885969e463ae7522f6e44cf8835f5835b3b0e6e7bbb750834905b3f4c9ada83c6fbbc38ad3f7ae885cbaa555a9bfb2146962cc55fec93c3782f5e
SSDEEP

49152:89C6IGwcuCr4SOgkpEEd6HninHFdrSgoQz/KnlSYwJNYPMI3+73TaybdvsnY:8M6FDEdjl467ElSYwJaEIg+yb9sY

Score

10^/10

remcos 07=$octubre=$2024 discovery persistence rat

Malware Config

Extracted

Family

remcos

Botnet

07=$Octubre=$2024

C2

098urni4389udn3u4imf8rufue.con-ip.com:5023

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-KR44SE
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  2ae8858f2387eb283387e524d9916291.exe
- Size
  
  5.1MB
- MD5
  
  2ae8858f2387eb283387e524d9916291
- SHA1
  
  79aa7560b375a1b32cc969ccc8f55dc2de770d7a
- SHA256
  
  9ada42b89ff4044fd6860e05e72e4dd35cf282924ffdd211ea6214d52191f2e9
- SHA512
  
  ae9806a0d09885969e463ae7522f6e44cf8835f5835b3b0e6e7bbb750834905b3f4c9ada83c6fbbc38ad3f7ae885cbaa555a9bfb2146962cc55fec93c3782f5e
- SSDEEP
  
  49152:89C6IGwcuCr4SOgkpEEd6HninHFdrSgoQz/KnlSYwJNYPMI3+73TaybdvsnY:8M6FDEdjl467ElSYwJaEIg+yb9sY
Score

10^/10

remcos 07=$octubre=$2024 discovery persistence rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcos07=$octubre=$2024discoverypersistencerat

behavioral2

remcos07=$octubre=$2024discoverypersistencerat