remcos

General

Target

94a9d476fd9df518316104ed58195552129690fd9d8a9ce46da0552041d77f48
Size

2.2MB
Sample

241114-x5n39ascne
MD5

841e146dc1e60c4358304956fd26af4b
SHA1

e866ced42478115563a8dacf325fb6eddf1d97c1
SHA256

94a9d476fd9df518316104ed58195552129690fd9d8a9ce46da0552041d77f48
SHA512

6f4856b1f5fa92d63cad891c3e304432141f39f4bf7d688713363facadf9f217b900301df29efbe134300af47690d170336e97bff6674e53f58434cb47fe81c3
SSDEEP

49152:1LCE9WFu7X9T1r9KfmJWGC196RD+O3/+fZ4Cv21kt:1j+aX9T1pKOJWvf6Jh3/+fuCv2Ct

Score

10^/10

Malware Config

Extracted

Family

remcos

Botnet

DropBoxF

C2

cubalibreu6obyau6j8.duckdns.org:2020

Attributes

audio_path
%UserProfile%
audio_record_time
5
connect_delay
0
connect_interval
1
delete_file
false
hide_file
false
hide_keylog_file
true
install_flag
false
install_path
%AppData%
keylog_crypt
false
keylog_file
flof
keylog_flag
false
keylog_folder
tlof
keylog_path
%AppData%
mouse_option
false
mutex
fMXJEdWdidHdX-6WDMJ4
screenshot_crypt
false
screenshot_flag
false
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  41589419116464448286035679864158972845276735013687.exe
- Size
  
  2.7MB
- MD5
  
  b00ececc12e8dedbe256613f1b945b23
- SHA1
  
  97cb8249006a80e0773bb3aaba631171715ffcd4
- SHA256
  
  87768a35d6a9b73f30d4d4adcd96b8c4cca695dec762fe7962859972fbd75e56
- SHA512
  
  afd4ea1986da088c3f4c2757baeb4b21b14bd4b5e22e00260eca7e719c8fc78d803443b9dfc457799ab7b2d7d306395fbd48bf9d1bde260106a7ad3038c93d97
- SSDEEP
  
  49152:9wREDDM04bCaLjmFy1nOFPG/3E1/4BtkMgHeXDREnz+d:9wREsbCaLaeO2EJSkTs0+d
Score

10^/10

discovery remcos dropboxf execution rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Remcos family
  remcos
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Command and Scripting Interpreter: PowerShell
  Run Powershell to execute payload.
  execution
behavioral1 behavioral2
- Target
  
  41589419116464448286035679864158972845276735013687.exe
- Size
  
  2.7MB
- MD5
  
  b00ececc12e8dedbe256613f1b945b23
- SHA1
  
  97cb8249006a80e0773bb3aaba631171715ffcd4
- SHA256
  
  87768a35d6a9b73f30d4d4adcd96b8c4cca695dec762fe7962859972fbd75e56
- SHA512
  
  afd4ea1986da088c3f4c2757baeb4b21b14bd4b5e22e00260eca7e719c8fc78d803443b9dfc457799ab7b2d7d306395fbd48bf9d1bde260106a7ad3038c93d97
- SSDEEP
  
  49152:9wREDDM04bCaLjmFy1nOFPG/3E1/4BtkMgHeXDREnz+d:9wREsbCaLaeO2EJSkTs0+d
Score

10^/10

discovery remcos dropboxf execution rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Remcos family
  remcos
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Command and Scripting Interpreter: PowerShell
  Run Powershell to execute payload.
  execution
behavioral3 behavioral4
- Target
  
  41589419116464448286035679864158972845276735013687.exe
- Size
  
  2.7MB
- MD5
  
  b00ececc12e8dedbe256613f1b945b23
- SHA1
  
  97cb8249006a80e0773bb3aaba631171715ffcd4
- SHA256
  
  87768a35d6a9b73f30d4d4adcd96b8c4cca695dec762fe7962859972fbd75e56
- SHA512
  
  afd4ea1986da088c3f4c2757baeb4b21b14bd4b5e22e00260eca7e719c8fc78d803443b9dfc457799ab7b2d7d306395fbd48bf9d1bde260106a7ad3038c93d97
- SSDEEP
  
  49152:9wREDDM04bCaLjmFy1nOFPG/3E1/4BtkMgHeXDREnz+d:9wREsbCaLaeO2EJSkTs0+d
Score

10^/10

discovery remcos dropboxf execution rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Remcos family
  remcos
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Command and Scripting Interpreter: PowerShell
  Run Powershell to execute payload.
  execution
behavioral5 behavioral6