General

  • Target

    20914f0b51ca703b58ca08a4fb2ae797a09cd5b5bc8f17837691777ebb963bd3

  • Size

    813KB

  • Sample

    241212-ft3c3a1rdt

  • MD5

    a730e8de0dcaaa16db2d5912ec3b27c9

  • SHA1

    404a126983b4331fb175ecb85baad718ea7a93e3

  • SHA256

    20914f0b51ca703b58ca08a4fb2ae797a09cd5b5bc8f17837691777ebb963bd3

  • SHA512

    2adfaa892688d856c49c707add2c119685b8fbaa67068f1bef15032de1fc518f61be2c24316d7d5c84e49b3b040dd9afa4cf03cca2ae52a5a0cc9232dcc425b0

  • SSDEEP

    12288:8M/cufUClSgvcyf3zIGu3eFMxPY2n0swfgdsGleauYg9bKrSVGBhIC:hkEJvDQ3eCz02tlBuzb1kIC

Malware Config

Extracted

Family

remcos

Botnet

RemoteHost

C2

192.3.64.152:2559

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    Rmc-ZFXG9Y

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5
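The extracted configuration above is only useful once it is turned into something a responder can hunt for. The following Python is an added example, not part of the sandbox report or of any Remcos tooling: it parses the attribute layout used above (bullet key, value on the next line), derives the C2 socket, mutex name and the file paths the sample would use, and checks a few constructed telemetry events against them. The event schema and the assembly of paths under %AppData% are assumptions made for the example.

```python
"""Derive hunt indicators from a Remcos config dump and match them against telemetry.

Added example for this report; not code from the sandbox or from Remcos.
The event dictionaries below are a hypothetical schema, and the file paths
are assembled under %AppData% as an assumption (confirm against the sandbox's
file-write events before alerting on them).
"""
from typing import Dict, List

# Constructed sample: the C2 line and a subset of the Attributes block,
# copied in the layout the report uses.
CONFIG_TEXT = """
C2
192.3.64.152:2559
  • copy_file
    remcos.exe
  • copy_folder
    Remcos
  • install_flag
    false
  • keylog_file
    logs.dat
  • keylog_folder
    remcos
  • mutex
    Rmc-ZFXG9Y
  • screenshot_folder
    Screenshots
  • screenshot_path
    %AppData%
"""

# Constructed telemetry events (hypothetical schema): three touch the sample's
# indicators, the DNS lookup does not.
EVENTS: List[Dict[str, str]] = [
    {"type": "netconn", "pid": "4412", "dst": "192.3.64.152", "dport": "2559"},
    {"type": "mutex", "pid": "4412", "name": "Rmc-ZFXG9Y"},
    {"type": "netconn", "pid": "1200", "dst": "8.8.8.8", "dport": "53"},
    {"type": "file", "pid": "4412", "path": "%AppData%\\remcos\\logs.dat"},
]


def parse_config(text: str) -> Dict[str, str]:
    """Read the report's 'key / value on next line' layout into a flat dict."""
    cfg: Dict[str, str] = {}
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            key = line.lstrip("• ").strip()  # bullet attribute; value follows
        elif line == "C2":
            key = "c2"  # section header; the host:port follows
        elif key:
            cfg[key] = line
            key = None
    return cfg


def indicators(cfg: Dict[str, str]) -> Dict[str, object]:
    """Turn raw config values into concrete host and network indicators."""
    host, port = cfg["c2"].rsplit(":", 1)
    base = cfg.get("screenshot_path", "%AppData%")  # assumed base folder
    return {
        "c2": (host, int(port)),
        "mutex": cfg["mutex"],
        # install_flag=false: the sample is not configured to copy itself, so
        # copy_path is a candidate indicator rather than an expected artifact.
        "install_enabled": cfg.get("install_flag", "false").lower() == "true",
        "copy_path": f"{base}\\{cfg['copy_folder']}\\{cfg['copy_file']}",
        "keylog_path": f"{base}\\{cfg['keylog_folder']}\\{cfg['keylog_file']}",
        "screenshot_dir": f"{base}\\{cfg['screenshot_folder']}",
    }


def match(iocs: Dict[str, object], events: List[Dict[str, str]]) -> List[str]:
    """Return one description per event that touches a known indicator."""
    hits: List[str] = []
    host, port = iocs["c2"]
    paths = {str(iocs["copy_path"]).lower(), str(iocs["keylog_path"]).lower()}
    for ev in events:
        if ev["type"] == "netconn" and ev["dst"] == host and int(ev["dport"]) == port:
            hits.append(f"C2 connection to {host}:{port} from pid {ev['pid']}")
        elif ev["type"] == "mutex" and ev["name"] == iocs["mutex"]:
            hits.append(f"Remcos mutex {ev['name']} created by pid {ev['pid']}")
        elif ev["type"] == "file" and ev["path"].lower() in paths:
            # Real telemetry carries expanded paths; expand %AppData% per user first.
            hits.append(f"write to {ev['path']} by pid {ev['pid']}")
    return hits


if __name__ == "__main__":
    for hit in match(indicators(parse_config(CONFIG_TEXT)), EVENTS):
        print(hit)
```

The mutex and the C2 socket are the two indicators least likely to change between runs of the same build, so they are the ones to push into detection first; the file paths depend on install_flag and on the user profile, and should be expanded and confirmed from file-write events before alerting on them.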

Targets

    • Target

      0004532DESCRIPTION.exe

    • Size

      1.3MB

    • MD5

      99869676e00d4b9bbafba630976d433d

    • SHA1

      382b278b3e0ff8272cac88277e5db6b73ff0b808

    • SHA256

      c9c2cc6c696510e2de26e171d083b8f153f8d160eb00bc5cccc6f7f07623e183

    • SHA512

      e586c7fb045eaa8e1b2151e6bf2768c2033df3b4d2398d3f27bc601e1864ce438dc5e2c8649dc095ec9aa162a236a9fe1def098e8d7c6443cafcca7a075d58f4

    • SSDEEP

      24576:au6J33O0c+JY5UZ+XC0kGso6FaebHHfLOautp30hdL+1aWY:su0c++OCvkGs9FaebnjOauIdOY

    • Remcos

      Remcos is closed-source remote control and surveillance software.

    • Remcos family

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext
