Overview

overview

10

Static

static

5

OBA2.exe

windows7-x64

10

OBA2.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3bd9368a26c4c6a217e6cbfdd5bec484b2c4fa6c130904300b5e9a34aa7c5a4d

  • Size

    833KB

  • Sample

    241127-gqwlsaxndj

  • MD5

    8d21b5d833a18a3b0d3942daa30c72ff

  • SHA1

    731a14e6b6d34dcc6f44f6791f5a9042a00b8cdb

  • SHA256

    3bd9368a26c4c6a217e6cbfdd5bec484b2c4fa6c130904300b5e9a34aa7c5a4d

  • SHA512

    b480040d57b05fa3ae3a57fe25126beaf7c6c3930d01bc92502dcceeadeef3a35f1fb1ceb9b0f930e95741d9f897b1da7575ecfa75ca28b70f9a17a90b80ed9a

  • SSDEEP

    24576:qpql5FHY+Le87CtQoXtUmdbC2pgrt00AApww9AA/:qpqpHY+aEWrC2qr+0AAR9L

Score
10/10
remcosremotehostdiscoveryrat

Malware Config

Extracted

Family

remcos

Botnet

RemoteHost

C2

192.3.64.152:2559

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    Rmc-ZFXG9Y

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Targets

    • Target

      OBA2.exe

    • Size

      1.3MB

    • MD5

      7c08c535a27a84112b04734130068d37

    • SHA1

      424e25ad557624d5f2ecfab36e28e774fe108d88

    • SHA256

      0a8997d917a20dd82784067c9b66d79b8967c619fdd42abf1721eb21a29a1900

    • SHA512

      a366575062c44a28a721fa9922aa93e7f92c534e75f8167209a0b1f9b050ed108a9981c254441982e3265d3f55b500b656c934491840953d9aa3882abc53134b

    • SSDEEP

      24576:Ctb20pkaCqT5TBWgNQ7aMMTB7SbexP0CaHIT7vu6A:PVg5tQ7aMMTB7Sbeamv25

    Score
    10/10
    remcosremotehostdiscoveryrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Remcos family

      remcos

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks