remcos | fddf8bb336550656a2a9f7c5063092e77bfa127095317e25066c02a7170c0548 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

N-64574 JU...ES.msg

windows7-x64

N-64574 JU...ES.msg

windows10-2004-x64

3

Sharing

General

Target

N-64574 JUZGADO 004 MUNICIPAL DE PEQUEÑAS CAUSAS LABORALES.msg
Size

91KB
Sample

241212-rmqlgawqgs
MD5

77f2e0973250e47757c97a5163df1ebc
SHA1

72a7be688e78efd31a98214367db1fbdb7941c4d
SHA256

fddf8bb336550656a2a9f7c5063092e77bfa127095317e25066c02a7170c0548
SHA512

d08a1ea92875b670c0e66404c4ba5b8d418eccb9dd6c065805153654b1add7bcc0a42322e3b007efd5a422a7ab1270669ab558855ccc778ee42c51ae0a97a8dc
SSDEEP

1536:ZtiMRFG9VWSWFCT3s4Fgt51+aYvVqqw0EOaFpyqqw0EOaFp:ZtiMjG9wJJYXaYa

Score

10^/10

remcos remotehost discovery rat

Static task

static1

Behavioral task

behavioral1

Sample

N-64574 JUZGADO 004 MUNICIPAL DE PEQUEÑAS CAUSAS LABORALES.msg

Resource

win7-20240903-en

remcos remotehost discovery rat

windows7-x64

25 signatures

300 seconds

Behavioral task

behavioral2

Sample

N-64574 JUZGADO 004 MUNICIPAL DE PEQUEÑAS CAUSAS LABORALES.msg

Resource

win10v2004-20241007-en

windows10-2004-x64

3 signatures

300 seconds

Malware Config

Extracted

Family

remcos

Botnet

RemoteHost

C2

december02.kozow.com:5151

Attributes

audio_folder
MicRecords
audio_path
ApplicationPath
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-O92SE5
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  N-64574 JUZGADO 004 MUNICIPAL DE PEQUEÑAS CAUSAS LABORALES.msg
- Size
  
  91KB
- MD5
  
  77f2e0973250e47757c97a5163df1ebc
- SHA1
  
  72a7be688e78efd31a98214367db1fbdb7941c4d
- SHA256
  
  fddf8bb336550656a2a9f7c5063092e77bfa127095317e25066c02a7170c0548
- SHA512
  
  d08a1ea92875b670c0e66404c4ba5b8d418eccb9dd6c065805153654b1add7bcc0a42322e3b007efd5a422a7ab1270669ab558855ccc778ee42c51ae0a97a8dc
- SSDEEP
  
  1536:ZtiMRFG9VWSWFCT3s4Fgt51+aYvVqqw0EOaFpyqqw0EOaFp:ZtiMjG9wJJYXaYa
Score

10^/10

remcos remotehost discovery rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Remcos family
  remcos
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcosremotehostdiscoveryrat

behavioral2

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.