Overview

overview

10

Static

static

3

37e7b15bd9...36.exe

windows7-x64

7

37e7b15bd9...36.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    37e7b15bd9b8ace5fd0e0a61b942748c772c8892d4ea1a4b4769ee72a9021636

  • Size

    7.6MB

  • Sample

    241201-t3mwmawlfw

  • MD5

    e53cdd984882793c93d3e9a9822b4a10

  • SHA1

    2767df7cea3b973476902cc74ccee829e5a4cbd9

  • SHA256

    37e7b15bd9b8ace5fd0e0a61b942748c772c8892d4ea1a4b4769ee72a9021636

  • SHA512

    84ebc1ac7ebb77c74c0d6d473482f1150128d817541ff771c466e0857894fb6839ed4b94bd7b4cdf11772e11556fa8311080ddbac84b0d588f5ef91b708c679d

  • SSDEEP

    196608:kGCsGNI92Tb48i0AhQHNzcJ72Yie9TR7PHyA4pVMup0hB:kOsXTpid7rie9VeA4pVk

Score
10/10
remcosbuilddiscoveryrat

Malware Config

Extracted

Family

remcos

Botnet

build

C2

193.29.13.204:5850

Attributes
  • audio_folder

    ??????????? ??????

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    true

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    sys.dat

  • keylog_flag

    false

  • keylog_folder

    syslogs

  • keylog_path

    %WinDir%

  • mouse_option

    false

  • mutex

    34534534534ffffsdfd-IPKJ16

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    ?????????

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Targets

    • Target

      37e7b15bd9b8ace5fd0e0a61b942748c772c8892d4ea1a4b4769ee72a9021636

    • Size

      7.6MB

    • MD5

      e53cdd984882793c93d3e9a9822b4a10

    • SHA1

      2767df7cea3b973476902cc74ccee829e5a4cbd9

    • SHA256

      37e7b15bd9b8ace5fd0e0a61b942748c772c8892d4ea1a4b4769ee72a9021636

    • SHA512

      84ebc1ac7ebb77c74c0d6d473482f1150128d817541ff771c466e0857894fb6839ed4b94bd7b4cdf11772e11556fa8311080ddbac84b0d588f5ef91b708c679d

    • SSDEEP

      196608:kGCsGNI92Tb48i0AhQHNzcJ72Yie9TR7PHyA4pVMup0hB:kOsXTpid7rie9VeA4pVk

    Score
    10/10
    discoveryremcosbuildrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Remcos family

      remcos

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Drops startup file

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks