remcos

General

Target

19857484383.zip
Size

563KB
Sample

241113-b14r9avake
MD5

8a4599a17d9c2327c121a9f5387fa122
SHA1

13985d2dc3be333262d07de368020cb44faf2b73
SHA256

279e6454f60cffc29bb9df8fc868040ec71de89b6533bbdc8b9dc4c247d2c05f
SHA512

f3830662c7d0d55788575cc0a604ff322122b4bd398170e7847397ff59765e14265ded00b2ca1bc33f942569317424c93cef8460ebcb741d0b3cf0cc8a04d9d3
SSDEEP

12288:eD8IM4CjxWmuNWDy1OWyiH1qHtFmDsI9UvKc8JLWa9npzT426P32z:mbMTjxWwDovH1g3IsIoKc6Wa0f+z

Score

10^/10

Malware Config

Extracted

Family

remcos

Botnet

XTMLSZXWCHHXVQNGBJKCGKJABODFDCVSOPGOKTVT

C2

104.254.90.251:20990

141.98.101.133:20990

173.44.55.155:20990

213.152.161.30:20990

128.127.105.184:20990

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
log.dat
keylog_flag
false
keylog_folder
Services
keylog_path
%AppData%
mouse_option
false
mutex
-WAO8G4
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
image
screenshot_path
%AppData%
screenshot_time
10
startup_value
take_screenshot_option
false
take_screenshot_time
5
take_screenshot_title
Gemini;banking;online;secure;digital;crypto;card;bitcoin;coin;bank;checkout;pay;personal;mastercard;visa;wallet;paypal;admin;blockchain;coinbase;transaction;confidential;recover;recovery;phrase;key;bit;ethereum;WhatsApp;transfer;sign;wire;login;credit card;paypal;account information;bank;deposit;creditcard;debitcard;wire,wiretransfer;statementofaccount;purchaseorder;phonenumber;payment;wallet;cheque;

Targets

- Target
  
  716ac0e414f59189a83624792201a9bd162759fbbe32a6ff4bd97b624022f2bc
- Size
  
  593KB
- MD5
  
  cf4c1982ce894d3b3bdf3f00361abece
- SHA1
  
  8b056dfdcde436ba8730497303bf3765da85d7f2
- SHA256
  
  716ac0e414f59189a83624792201a9bd162759fbbe32a6ff4bd97b624022f2bc
- SHA512
  
  07479bd9877121ac3d923a401df3d741c96ab4bad4f1350097d5aa9943098786969361f5159806fdb7f936d789ea3d9d6633d855ec3586e03a91461dc8616334
- SSDEEP
  
  12288:k9jDEMg3ufeYNWJkexStsu8+CjmjvIXWIn2ws/jP4N5HhP2pEWnJcK5sHuq:E4ufvWJTxusf+CjmLIXWI2wwz4THF0EP
Score

10^/10

remcos xtmlszxwchhxvqngbjkcgkjabodfdcvsopgoktvt discovery rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Remcos family
  remcos
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Remcos family

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2