remcos | caecd4bc46d1e621a68e1d844a6ff423d3496222aa26e8437ea2a259eabe8963 | Triage

Sharing

General

Target

JaffaCakes118_caecd4bc46d1e621a68e1d844a6ff423d3496222aa26e8437ea2a259eabe8963
Size

222KB
Sample

241221-xgzj3swqel
MD5

e6f99a00572a07dac1e9699fe0929233
SHA1

3a8ddaabed6532e9f2a413aa61b309842636c25d
SHA256

caecd4bc46d1e621a68e1d844a6ff423d3496222aa26e8437ea2a259eabe8963
SHA512

2daf6573bbe779207c73230cc6d42b306798a7b932778c6640c758a6666551c608ada54c2951a0566111b803281d162b87110f6ce7f2733ed9264a05aeffe963
SSDEEP

6144:cOmstAlgnNeNtYAcf3bJ68WA/1n7ojD247ws/be4ElblF0w:RmstigotYAO3VJWtas6RlIw

Score

10^/10

remcos august discovery rat

Malware Config

Extracted

Family

remcos

Version

2.7.2 Pro

Botnet

AUGUST

C2

typejimbo.ddns.net:8898

Attributes

audio_folder
MicRecords
audio_path
%AppData%
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
install_path
%AppData%
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
keylog_path
%AppData%
mouse_option
false
mutex
Remcos-9VRIVL
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
Remcos
take_screenshot_option
false
take_screenshot_time
5
take_screenshot_title
wikipedia;solitaire;

Targets

- Target
  
  af811dc82e84cb34dcdbb61b65e842b3ecbf44ee7375d4c60fab594ecb886661
- Size
  
  263KB
- MD5
  
  80535092f67976be3bd4d417bffbf1fe
- SHA1
  
  47d9303d29001d8517a7d72087e1dc205399786c
- SHA256
  
  af811dc82e84cb34dcdbb61b65e842b3ecbf44ee7375d4c60fab594ecb886661
- SHA512
  
  e813d0bfa9b108850250acd55c63481fbe6bf8611524951028ce61427c47a71570ae79799d0a9f1525a865743efd4db7cb3c86f2e17bee8dc72d103027845f17
- SSDEEP
  
  6144:a5V4E4Bfp5u+G7QF3Wl8R4AXmbsl3z/dL/mq:akECfpxG7QlWlmWEVDmq
Score

10^/10

remcos august discovery rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Remcos family
  remcos
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcosaugustdiscoveryrat

behavioral2