remcos | 52cb8f04181327518fd35c6f4f0ddd981ca7537b5d44160bdf16032d440038f2

General

Target

52cb8f04181327518fd35c6f4f0ddd981ca7537b5d44160bdf16032d440038f2
Size

483KB
Sample

241130-rxzl5awnfy
MD5

1c3e81e4c5a9e9719d639d7025ed3263
SHA1

3c5656d7e2b511023b4e37118082c8547407cf6b
SHA256

52cb8f04181327518fd35c6f4f0ddd981ca7537b5d44160bdf16032d440038f2
SHA512

34a76802b975c4989889bab1d42d8002a87ae7dc303a4822eeca574464e3a7d7730cb5e1ed8bf887e364c50005c4eb8fa60e48869625a2bd7c118a882926fe10
SSDEEP

6144:4Tz+c6KHYBhDc1RGJdv//NkUn+N5Bkf/0TELRvIZPjbsAOZZXAXkcrHT4:4TlrYw1RUh3NFn+N5WfIQIjbs/ZXoT4

Score

10^/10

Malware Config

Extracted

Family

remcos

Botnet

MANIFESTATIONS

C2

janbours92harbu03.duckdns.org:3980

janbours92harbu04.duckdns.org:3981

janbours92harbu007.duckdns.org:3981

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
true
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-NACZDT
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  52cb8f04181327518fd35c6f4f0ddd981ca7537b5d44160bdf16032d440038f2
- Size
  
  483KB
- MD5
  
  1c3e81e4c5a9e9719d639d7025ed3263
- SHA1
  
  3c5656d7e2b511023b4e37118082c8547407cf6b
- SHA256
  
  52cb8f04181327518fd35c6f4f0ddd981ca7537b5d44160bdf16032d440038f2
- SHA512
  
  34a76802b975c4989889bab1d42d8002a87ae7dc303a4822eeca574464e3a7d7730cb5e1ed8bf887e364c50005c4eb8fa60e48869625a2bd7c118a882926fe10
- SSDEEP
  
  6144:4Tz+c6KHYBhDc1RGJdv//NkUn+N5Bkf/0TELRvIZPjbsAOZZXAXkcrHT4:4TlrYw1RUh3NFn+N5WfIQIjbs/ZXoT4
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2