remcos | 5f9d95637b1348e981abef772c51c101b58175df90f64824c3591fc56ad9c31c | Triage

Sharing

General

Target

2148-3-0x0000000000400000-0x00000000008D0000-memory.dmp
Size

4.8MB
Sample

241107-r1gwgstkfy
MD5

7a93051491a25327b0842e6406a51d4e
SHA1

158c42c115996f252889a747e256f8a44b29c4a3
SHA256

5f9d95637b1348e981abef772c51c101b58175df90f64824c3591fc56ad9c31c
SHA512

ff9cc335efe6356204241a0577cda02823f27ad8694eeea136af7b21f41e06443f08761e3267c1323d58333b5a4382ba5efafc9ef6b4e59b11c45b76707c37d1
SSDEEP

98304:DaSOJPi1FZJWtyRMvDTqNFlU2TraIlCgAxyBsusnnvwYKj:DxplU2naTxkyv6

Score

10^/10

remcos ms-office rat

Malware Config

Extracted

Family

remcos

Botnet

ms-office

C2

ms-office.duckdns.org:39438

ms-office1.duckdns.org:39439

Attributes

audio_folder
MicRecords
audio_path
ApplicationPath
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-MXJN22
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  2148-3-0x0000000000400000-0x00000000008D0000-memory.dmp
- Size
  
  4.8MB
- MD5
  
  7a93051491a25327b0842e6406a51d4e
- SHA1
  
  158c42c115996f252889a747e256f8a44b29c4a3
- SHA256
  
  5f9d95637b1348e981abef772c51c101b58175df90f64824c3591fc56ad9c31c
- SHA512
  
  ff9cc335efe6356204241a0577cda02823f27ad8694eeea136af7b21f41e06443f08761e3267c1323d58333b5a4382ba5efafc9ef6b4e59b11c45b76707c37d1
- SSDEEP
  
  98304:DaSOJPi1FZJWtyRMvDTqNFlU2TraIlCgAxyBsusnnvwYKj:DxplU2naTxkyv6
Score

10^/10

remcos rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Remcos family
  remcos
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

ms-officeremcos

behavioral1

behavioral2