remcos | 38bf1b283154bc20e3812e560d75bc85baa3f74458a8577b570ba26f0637f2f7 | Triage

Sharing

General

Target

38bf1b283154bc20e3812e560d75bc85baa3f74458a8577b570ba26f0637f2f7.gz
Size

999KB
Sample

241123-cqx3dsvrfv
MD5

991e74cd88afb9523f61cda0a450f2a3
SHA1

2fe326b0eae75dc1423a1088fd861f8a635fdc0b
SHA256

38bf1b283154bc20e3812e560d75bc85baa3f74458a8577b570ba26f0637f2f7
SHA512

1c997c9e01213e9ac5399f14ff53fd601aa260d1b12baeb99783066c6e7f3338d291acad9d91522b92f0591efa1182f2a11168ca4beec2b267a65b6414e1518c
SSDEEP

12288:NVkPZBcX8IhSbLNmCSHlNjedMch4F3NvU1aJDzkgMhbgpsG4REKGba26cCj5MCbY:NyPZB+mQmdM649Ns1yBV4REB6cH1O3vi

Score

10^/10

remcos host discovery rat

Malware Config

Extracted

Family

remcos

Botnet

Host

C2

oyo.work.gd:3142

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
vlc
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
true
keylog_file
logs.dat
keylog_flag
false
keylog_folder
pdf
mouse_option
false
mutex
jkm-I9KENP
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
ios
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  800399031-18.11.2024.pdf.exe
- Size
  
  1.0MB
- MD5
  
  54a5436bb5bf3977e98eda5ce6f8e8d2
- SHA1
  
  5aed6273fe965d5e0c41b0e934aa92099327e4da
- SHA256
  
  efbc15ccbe9e7b1f1648d94c5e38e3149bff5d33ad93c0a56e68db648050509a
- SHA512
  
  0948ad9fb15f733c2a7df75f72da0dbd9a96e27b8228b11346c20fdcd0fc2888c634bc2ba5cb3ffd82c79190745ac7eba8f278d7036d79fa2cab6de8fc1f6ab9
- SSDEEP
  
  12288:FWCYKo7G7uh5W7R1c7MWLy5FbvG8bDzIMM3bGpsgUVEgcb8YaMCnHMybyac7nSZ7:FW+o7Co5Ww7Muyjbu4VlUVEtaMJZ7SZ
Score

10^/10

remcos host discovery rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Remcos family
  remcos
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcoshostdiscoveryrat

behavioral2

remcoshostdiscoveryrat