remcos | c32d6e5170ab29fbfdd30e21944caace6ca4543bd9d07159aac2205d3077cbba | Triage

Submit
Reports

Overview

overview

Static

static

3

ddddd.vmp.exe

windows10-2004-x64

Sharing

General

Target

ddddd.vmp.exe
Size

863KB
Sample

241115-mryenawqbq
MD5

4fc4b8ab66fb7a44509e1deecab3d29b
SHA1

bec1a36c002293263696493cffc25ca62c24e0d2
SHA256

c32d6e5170ab29fbfdd30e21944caace6ca4543bd9d07159aac2205d3077cbba
SHA512

3be9cabb51a345fc174e41897d90b243ffcadb09bcd47d937194aaf0313c2ef1a32a9c02ffa1ea053574daf6ffd1981a6578c45f120b1a8fa212a5485fbfd307
SSDEEP

24576:c5FnNeSFX4By2BY0Kqx0eyvlXFNtC5OMcQob:mRFX4By2mT/eyvlXFrCob

Score

10^/10

remcos svchost discovery execution rat upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ddddd.vmp.exe

Resource

win10v2004-20241007-en

remcos svchost discovery execution rat upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

remcos

Botnet

svchost

C2

schedule-lambda.gl.at.ply.gg:52195

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
svchost.exe
copy_folder
svchost
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
true
install_path
%WinDir%\System32
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-UZHX9X
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
Microsoft Systems inc.
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  ddddd.vmp.exe
- Size
  
  863KB
- MD5
  
  4fc4b8ab66fb7a44509e1deecab3d29b
- SHA1
  
  bec1a36c002293263696493cffc25ca62c24e0d2
- SHA256
  
  c32d6e5170ab29fbfdd30e21944caace6ca4543bd9d07159aac2205d3077cbba
- SHA512
  
  3be9cabb51a345fc174e41897d90b243ffcadb09bcd47d937194aaf0313c2ef1a32a9c02ffa1ea053574daf6ffd1981a6578c45f120b1a8fa212a5485fbfd307
- SSDEEP
  
  24576:c5FnNeSFX4By2BY0Kqx0eyvlXFNtC5OMcQob:mRFX4By2mT/eyvlXFrCob
Score

10^/10

remcos svchost discovery execution rat upx
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Remcos family
  remcos
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcossvchostdiscoveryexecutionratupx

© 2018-2024

Terms | Privacy