Overview

overview

10

Static

static

3

039308d471...6c.exe

windows7-x64

10

039308d471...6c.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7945af6330f9db4cc74c1ec96949eb3e4f934f1283c1db38c639035cd91c6047

  • Size

    97KB

  • Sample

    241221-v6yyqsvkbv

  • MD5

    35087bf0ef0ea4bbb83adee67f265f41

  • SHA1

    9d5effbea631b178cb691be3087133cae06ff30c

  • SHA256

    7945af6330f9db4cc74c1ec96949eb3e4f934f1283c1db38c639035cd91c6047

  • SHA512

    89ef0e456634187a4ff2482213d618ba79c41836a30e3379352980eb742744b0b95309e49a5092406ca14166d9306a1f5289cf62eb3ea99d5cf8ad0ac98f16e2

  • SSDEEP

    1536:IbE6ORp91fqR7P+Ho7Xu75z7lZTnXiRWJZYp9yyzjRweznvOhZVaTtY2/BfDsh:IbzxPV7Xu75lZTnSWuNLvyEbJI

Score
10/10
remcosmxsvdiscoveryrat

Malware Config

Extracted

Family

remcos

Version

1.9.2 Pro

Botnet

MXSV

C2

casillas.hicam.net:2404

casillasmx.chickenkiller.com:2404

casillas45.hopto.org:2404

casillas.libfoobar.so:2404

du4alr0ute.sendsmtp.com:2404
Attributes
  • audio_folder

    audio

  • audio_path

    %AppData%

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    5

  • copy_file

    remcos.exe

  • copy_folder

    remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • install_path

    %AppData%

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • keylog_path

    %AppData%

  • mouse_option

    false

  • mutex

    rem92-P9KLDM

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    1

  • startup_value

    remcos

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Targets

    • Target

      039308d47114c1bc4976d88869edf65d7f0658cb11a9eca534123578219b8c6c

    • Size

      140KB

    • MD5

      c756a2338f5a176d3980852b6314dc7e

    • SHA1

      a2d3e69abc628a43c02e7538d31023d3138fd0bd

    • SHA256

      039308d47114c1bc4976d88869edf65d7f0658cb11a9eca534123578219b8c6c

    • SHA512

      336d2a871149d487de7c2fc9887ff381305076caaed6865cf313fe69c694b57ca9872f74dde137a345563ab7ec00f93ad3643e40298cb17f74059182a935ace0

    • SSDEEP

      3072:iq7eoTLJQYF6kUCkAODrIlPzBBQGkAVFOnpYwZnQqO8b6x:XxStAODrIlrBSiSmub6

    Score
    10/10
    remcosmxsvdiscoveryrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Remcos family

      remcos

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks