remcos

General

Target

JaffaCakes118_ecddbf7af1b2e3665a35371f89a490b2de78b1ce22a75b557182537b111ddb90
Size

8.3MB
Sample

241222-xacrqsvpfs
MD5

d057ac4bf7cb5a5b547e3f02e07c61a7
SHA1

295a78c2e819c9a6f8b44e0f892667eb1aa5c27f
SHA256

ecddbf7af1b2e3665a35371f89a490b2de78b1ce22a75b557182537b111ddb90
SHA512

966d1231b3eefe34e23c692fdd2950e8a36f9b822a017928cb1ccd6515a414bd509d111e895bdc0d4b9b6e61a33e2a63a7da5a74c9fee614d77590e2d3f43c14
SSDEEP

196608:TC2eW9r7aA85S/fTe9RpH5dXSLEaUdkdOBKQKxJRT7vbSFwB:TCm9r7aA88S7XpSLrUdkd1QKFGU

Score

10^/10

Malware Config

Extracted

Family

remcos

Version

2.5.0 Pro

Botnet

PREMIUM-NEWS

C2

3xe94lqhph0janx.ru:4404

399i6fi7voahk2g.xyz:4404

zl5uyooepo2sqez.info:4404

5ow86mh1sf1l1mr.ru:4404

dcws2kksik85f288.xyz:4404

gd92nof7quuu2l.ru:4404

vdbto19wogzzu.info:4404

xvhjuqq1skbs0bo.info:4404

jqni1my7489jkmb.ru:4404

cteu48n17qjpwv4.ru:4404

wv5hvbijspasvvi.info:4404

5bwfdr9ipmxb0qq.ru:4404

n8hoie32bkdpfd7.info:4404

Attributes

audio_folder
MicRecords
audio_path
%AppData%
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
install_path
%AppData%
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
kkYMs
keylog_path
%AppData%
mouse_option
false
mutex
-RBCG9K
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
remcos
take_screenshot_option
false
take_screenshot_time
5
take_screenshot_title
wikipedia;solitaire;

Targets

- Target
  
  1ddd414aaecbd9b1cc4b5fc1a960da74be1bf8c1a51448ab64648b9005ab5284
- Size
  
  9.1MB
- MD5
  
  fba4f7e4980333f086d05fa2cb080e38
- SHA1
  
  5fc6ec97b4e77283f98337e500a8c3fc1a10a271
- SHA256
  
  1ddd414aaecbd9b1cc4b5fc1a960da74be1bf8c1a51448ab64648b9005ab5284
- SHA512
  
  8c19983f82eb8896f58f32d4ff8ff6af41a9407a5e16ee0be2b2a621d32518697c2b02906ce8bf4e02a7de0abc98dcc9cf343f62b6d2d7e19844e235399b7e31
- SSDEEP
  
  196608:u0nUekoleXdqwhplLsu310uSeEBtpuJ8wWMvWOdyHhHN+:uaUPdvhp31dSxcl+UyBt
Score

10^/10

remcos premium-news discovery rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Remcos family
  remcos
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Remcos family

Drops startup file

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2