remcos | 651fe7043775dc1ae5fc74dae2d5f0aa033908b32a025d5dd13bb2cbbf80e5c3 | Triage

Sharing

General

Target

651fe7043775dc1ae5fc74dae2d5f0aa033908b32a025d5dd13bb2cbbf80e5c3
Size

7KB
Sample

241125-bg7psszlev
MD5

8c6cdb4f876591c2b45a998cd69c8d0e
SHA1

05e3413ddcb35c14101b87d83572a4423702fdcb
SHA256

651fe7043775dc1ae5fc74dae2d5f0aa033908b32a025d5dd13bb2cbbf80e5c3
SHA512

a19a7368efd239bea28f79cf0dd46cfcd3addbadc19a971ac3b596f0b3b7d76e52aca999715175f54ade2efa61a83eeecc3996e359e8333c27c623edd57cb3c3
SSDEEP

96:K8919wUZr1J2L0VBokKqMUIithO3+1OmSv7XMBiodW/WzNt:71TR2Le1ZO3+MJv7Xe7dW/w

Score

10^/10

remcos nappy discovery rat

Malware Config

Extracted

Family

remcos

Botnet

nappy

C2

87.120.114.20:53279

Attributes

audio_folder
MicRecords
audio_path
ApplicationPath
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-7OMTSU
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  651fe7043775dc1ae5fc74dae2d5f0aa033908b32a025d5dd13bb2cbbf80e5c3
- Size
  
  7KB
- MD5
  
  8c6cdb4f876591c2b45a998cd69c8d0e
- SHA1
  
  05e3413ddcb35c14101b87d83572a4423702fdcb
- SHA256
  
  651fe7043775dc1ae5fc74dae2d5f0aa033908b32a025d5dd13bb2cbbf80e5c3
- SHA512
  
  a19a7368efd239bea28f79cf0dd46cfcd3addbadc19a971ac3b596f0b3b7d76e52aca999715175f54ade2efa61a83eeecc3996e359e8333c27c623edd57cb3c3
- SSDEEP
  
  96:K8919wUZr1J2L0VBokKqMUIithO3+1OmSv7XMBiodW/WzNt:71TR2Le1ZO3+MJv7Xe7dW/w
Score

10^/10

discovery remcos nappy rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Remcos family
  remcos
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

remcosnappydiscoveryrat