remcos | 11eb819cbd3fdf4c4058d142846e0068f19ac472524cef23565db6eb19422dbe | Triage

Sharing

General

Target

lib.exe
Size

1.2MB
Sample

241015-nzat1awhjk
MD5

b2aa20bc49612dad305b97c79abc54ce
SHA1

b010ca5464ca9900348b5f1f5a07165595cee3e3
SHA256

11eb819cbd3fdf4c4058d142846e0068f19ac472524cef23565db6eb19422dbe
SHA512

de2674f5a350cd0f542ae586169ea0b57433be697fc30b58185422f46685974f25843208244f22813f032d178e1a191d74f5af2374845cb305cdcd012abef70b
SSDEEP

24576:yoZAAchGnifgJ+mlr7Q/5h/731IMWj6IhHD5EzLSMkWwz16J:PSAiWlreqrK2dx

Score

10^/10

remcos lamp7 discovery rat

Malware Config

Extracted

Family

remcos

Version

2.5.1 Pro

Botnet

Lamp7

C2

37.252.4.208:9008

Attributes

audio_folder
MicRecords
audio_path
%AppData%
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
install_path
%AppData%
keylog_crypt
true
keylog_file
data.bin
keylog_flag
false
keylog_folder
Radio
keylog_path
%Temp%
mouse_option
false
mutex
1252cbf49-88cd-4b59-a7eb-fc6c523fde-84YHI8
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
remcos
take_screenshot_option
false
take_screenshot_time
5
take_screenshot_title
wikipedia;solitaire;

Targets

- Target
  
  lib.exe
- Size
  
  1.2MB
- MD5
  
  b2aa20bc49612dad305b97c79abc54ce
- SHA1
  
  b010ca5464ca9900348b5f1f5a07165595cee3e3
- SHA256
  
  11eb819cbd3fdf4c4058d142846e0068f19ac472524cef23565db6eb19422dbe
- SHA512
  
  de2674f5a350cd0f542ae586169ea0b57433be697fc30b58185422f46685974f25843208244f22813f032d178e1a191d74f5af2374845cb305cdcd012abef70b
- SSDEEP
  
  24576:yoZAAchGnifgJ+mlr7Q/5h/731IMWj6IhHD5EzLSMkWwz16J:PSAiWlreqrK2dx
Score

10^/10

remcos lamp7 discovery rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcoslamp7discoveryrat

behavioral2

remcoslamp7discoveryrat