remcos | 9d6c191dc5109b959a34dc3c0f3cadd1c8dc590b1b73a9fe1b4bdd8ea68e7652 | Triage

Sharing

General

Target

2512-24-0x0000000000400000-0x000000000047F000-memory.dmp
Size

508KB
Sample

241114-jsp8wsvpe1
MD5

d6bac09617b04315dd98b19e30bf19ae
SHA1

361214a6ece8afae04971d81d7d5fac7ce99e7c1
SHA256

9d6c191dc5109b959a34dc3c0f3cadd1c8dc590b1b73a9fe1b4bdd8ea68e7652
SHA512

a2b7196ccd55bfc8ade4e142845df10942295baac680b1087053408b50f4b11790f924d7fe11e409e4769a6dfd50ba2a3b77df8ab72eaed99bfa9b15623f1802
SSDEEP

12288:LuD09AUkNIGBYYv4eK13x13nZHSRVMf139F5wIB7+IwtHwBtVxbesvZDS:O09AfNIEYsunZvZ19Z

Score

10^/10

remcos remotehost

Malware Config

Extracted

Family

remcos

Botnet

RemoteHost

C2

87.120.120.25:5940

Attributes

audio_folder
MicRecords
audio_path
ApplicationPath
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-13MD3U
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  2512-24-0x0000000000400000-0x000000000047F000-memory.dmp
- Size
  
  508KB
- MD5
  
  d6bac09617b04315dd98b19e30bf19ae
- SHA1
  
  361214a6ece8afae04971d81d7d5fac7ce99e7c1
- SHA256
  
  9d6c191dc5109b959a34dc3c0f3cadd1c8dc590b1b73a9fe1b4bdd8ea68e7652
- SHA512
  
  a2b7196ccd55bfc8ade4e142845df10942295baac680b1087053408b50f4b11790f924d7fe11e409e4769a6dfd50ba2a3b77df8ab72eaed99bfa9b15623f1802
- SSDEEP
  
  12288:LuD09AUkNIGBYYv4eK13x13nZHSRVMf139F5wIB7+IwtHwBtVxbesvZDS:O09AfNIEYsunZvZ19Z
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

remotehostremcos

behavioral1

behavioral2