remcos | bd380a3cc6385cefb908f788db79dab781e72a13b41024ae5d8ffb5f4009790f | Triage

Resubmissions

23/10/2024, 15:53

241023-tbpk5sybpd 10

23/10/2024, 15:51

241023-tawcaszgnn 10

Sharing

General

Target

3068-28-0x0000000000400000-0x000000000047F000-memory.dmp
Size

508KB
Sample

241023-tawcaszgnn
MD5

38a6aad6f235a3a5d77021e5a350c8de
SHA1

506664cf7ea142638a79c43031fa6c6b0769907a
SHA256

bd380a3cc6385cefb908f788db79dab781e72a13b41024ae5d8ffb5f4009790f
SHA512

c84135a1cacdd30ad02e5e6ae409594bdf9de2172267b1f36f2b6853b56a45d8aa2a12d0368ce95405f63f167e4e30b4637be4291ce689be5b48da22f1d7f202
SSDEEP

6144:WAg4RVDZlHx5k7iLZnaSguI2IiRL/SISjw8nHWh1R2K3g9ZsAOZZQmXxlcK:Wmnk7iLJbpIpiRL6I2WhSKQ9ZsfZQS

Score

10^/10

remcos 76485

Malware Config

Extracted

Family

remcos

Botnet

76485

C2

windowsocttehe.duckdns.org:52411

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
764-0XPV9J
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
Remcos
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  3068-28-0x0000000000400000-0x000000000047F000-memory.dmp
- Size
  
  508KB
- MD5
  
  38a6aad6f235a3a5d77021e5a350c8de
- SHA1
  
  506664cf7ea142638a79c43031fa6c6b0769907a
- SHA256
  
  bd380a3cc6385cefb908f788db79dab781e72a13b41024ae5d8ffb5f4009790f
- SHA512
  
  c84135a1cacdd30ad02e5e6ae409594bdf9de2172267b1f36f2b6853b56a45d8aa2a12d0368ce95405f63f167e4e30b4637be4291ce689be5b48da22f1d7f202
- SSDEEP
  
  6144:WAg4RVDZlHx5k7iLZnaSguI2IiRL/SISjw8nHWh1R2K3g9ZsAOZZQmXxlcK:Wmnk7iLJbpIpiRL6I2WhSKQ9ZsfZQS
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2