Overview

overview

10

Static

static

3

SC_TR126089907.exe

windows7-x64

10

SC_TR126089907.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SC_TR126089907.gz

  • Size

    1.0MB

  • Sample

    241128-vjjkjayrfl

  • MD5

    15a490496e7e3e4524b986586a9647af

  • SHA1

    acd399c785953fd9b4bf21e343d40c1635565421

  • SHA256

    2f0643ad28f12f80974d3fd6d0c71d9afcc770837fe50bd27eea398f7946ff92

  • SHA512

    c6dc9b634a93fffe842a054719335ea7e4bc9afbe72dadf3bb09fd7de8981923f58f3744f84517903634fb82b90c4872ac6460438802fc63f932ee9bff548f81

  • SSDEEP

    24576:yrw2RNgd/33meXdQVatYDo9zxMF1MfdaajdFh2N//:Ow0gd/339KMYSzx2Mfdaal2NX

Score
10/10
remcosremotehostdiscoveryrat

Malware Config

Extracted

Family

remcos

Botnet

RemoteHost

C2

yayabeloo.duckdns.org:6847

Attributes
  • audio_folder

    MicRecords

  • audio_path

    ApplicationPath

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    Rmc-VPA6N9

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Targets

    • Target

      SC_TR126089907.exe

    • Size

      1.1MB

    • MD5

      d8f15666d25a32702106b56dfd962cd6

    • SHA1

      b680052ba6f10f87595df8e6f06065546109c9e2

    • SHA256

      b0724a50f077a8652bbe0972e059aadde07ea247057e239b8b28ed720a083ae8

    • SHA512

      0bda9df65f34d05ff4448783bd0c747631621bdea98d716f3b3fb77f6b05784efd4aa67cf55e60e966375e2590df7bb30f4651865345f0995f50fcad31458f8b

    • SSDEEP

      24576:e2xjcLCnYnIXrbmcfjyTinYxorzPMFZYXX+Wjj8GLgv:lZnYIXrbFm6YSzPwYXX+G4GL

    Score
    10/10
    remcosremotehostdiscoveryrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Remcos family

      remcos

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks