remcos

General

Target

JaffaCakes118_06daecd07c279e616630efa8dcdf825a6e3a69731f67a52872ad3b9e48ce859a
Size

488KB
Sample

241227-c3qtvaznbw
MD5

77883789645880f917017073ba182b12
SHA1

2cddea39f39e2dc1f074d916e96d09242e18209a
SHA256

06daecd07c279e616630efa8dcdf825a6e3a69731f67a52872ad3b9e48ce859a
SHA512

dc969c8d0ddbbc1262e82a0d695c466718dda50dfcfe8d52e5bf04fa74595d59aa25d1b5d9616a2f799ffcc1c3d4c7ad438200e55a7e30f5e1e506074aab500c
SSDEEP

12288:VUlMSXxJP3sfE0jR9xrMOknJGsAALHBIOsOBzvaBFzqB:ulfUfthrMOkJhHHBIPOBzvAU

Score

10^/10

Malware Config

Extracted

Family

remcos

Botnet

GRECIOUS

C2

zubby2468.hopto.org:8975

Attributes

audio_folder
MicRecords
audio_path
%AppData%
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
install_path
%AppData%
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
keylog_path
%AppData%
mouse_option
false
mutex
Remcos-P9X35M
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
Remcos
take_screenshot_option
false
take_screenshot_time
5
take_screenshot_title
notepad;solitaire;

Extracted

Family

remcos

Version

3.2.1 Pro

Botnet

GRECIOUS

C2

zubby2468.hopto.org:8975

Attributes

audio_folder
MicRecords
audio_path
%AppData%
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
install_path
%AppData%
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
keylog_path
%AppData%
mouse_option
false
mutex
Remcos-P9X35M
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
Remcos
take_screenshot_option
false
take_screenshot_time
5
take_screenshot_title
notepad;solitaire;

Targets

- Target
  
  PI20200206AP,pdf.exe
- Size
  
  627KB
- MD5
  
  82bf256a05b49b373ee14629f1b48785
- SHA1
  
  e5ece8a7b9a6d4ec753f3099288552a9947cb68f
- SHA256
  
  d5f20f1e1795748c57d2a7ce2f6cd141afce32beaea0b63850854214fcf8e260
- SHA512
  
  df34787e54f82d92bc37b079cc5861f44739c529be7cf6963f4fcb9c03a3d259c9e5271719a9459e9279a76242deabd979b68ffeda9541d6cf6dd66bfa5a7c61
- SSDEEP
  
  12288:7+uhQMCxL5KoNBIVXLQ5IonUFJb+Y0IdbIF1z425etmwgoL6vmxt:HhCxLw0BaLQ5JUPCY0SIFZF5m/hxt
Score

10^/10

remcos grecious discovery rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Remcos family
  remcos
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/bvxiuwkw.dll
- Size
  
  16KB
- MD5
  
  fc8aa09cf3a758c8d53f5f2308bd517e
- SHA1
  
  dc283fce636887938075e853c6769927b3380f03
- SHA256
  
  4684ea37a97a5757612377341258d8698b91c92965abbf35d915f6c81037a697
- SHA512
  
  de53151aa0b2c3a180abf95d2764af5bec3732bfac0e53e7d41cd07688538074d0476e8b1d19bcf6d012fa3d2745f76c63ed5ea1eee9c6e35e62b097775931be
- SSDEEP
  
  192:4ruT5wvAi3OL1PJuIJHSArBWyvQmgbe45oz+GHdhF/BFWTmp6YeND:4ruT7ZSjyGZYdbHWiIXND
Score

10^/10

remcos grecious discovery rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Remcos family
  remcos
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Remcos family

Loads dropped DLL

Remcos

Remcos family

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4