remcos | 918c574b7b2841d4dfafd36d23940f4b5f9636ccfb483589ff7df63967ddcf87 | Triage

Sharing

General

Target

C3C8E7B07E16739C1C0B79F5FF91479F.exe
Size

5.2MB
Sample

241227-xvxmmsxre1
MD5

c3c8e7b07e16739c1c0b79f5ff91479f
SHA1

5de5162c4f4c76a1fbcc281f26a02486f626f29a
SHA256

918c574b7b2841d4dfafd36d23940f4b5f9636ccfb483589ff7df63967ddcf87
SHA512

cef48c9be82f4db90c68443630d58084aae1aea054bca82803d51ab63226ca085e1c05b393505dd9442c832b1c59e6720ff217d61200ac9011159d145ac33ba4
SSDEEP

49152:/IFXei/uNQrNQDuNz6jk+1n+Vu1cJ+TsehmvK718uFvvPRSTp8UX6:/QN8DU6jn+V8/IeIA8u08UX6

Score

10^/10

remcos rosas discovery persistence rat

Malware Config

Extracted

Family

remcos

Botnet

ROSAS

C2

newstaticfreepoint24.ddns-ip.net:3020

Attributes

audio_folder
MicRecords
audio_path
ApplicationPath
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
registros.dat
keylog_flag
false
keylog_folder
data
mouse_option
false
mutex
kljjbdlcjbavhbiluiewliuwqerlib-DDZVN3
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Capturas de pantalla
screenshot_path
%AppData%
screenshot_time
10
startup_value
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  C3C8E7B07E16739C1C0B79F5FF91479F.exe
- Size
  
  5.2MB
- MD5
  
  c3c8e7b07e16739c1c0b79f5ff91479f
- SHA1
  
  5de5162c4f4c76a1fbcc281f26a02486f626f29a
- SHA256
  
  918c574b7b2841d4dfafd36d23940f4b5f9636ccfb483589ff7df63967ddcf87
- SHA512
  
  cef48c9be82f4db90c68443630d58084aae1aea054bca82803d51ab63226ca085e1c05b393505dd9442c832b1c59e6720ff217d61200ac9011159d145ac33ba4
- SSDEEP
  
  49152:/IFXei/uNQrNQDuNz6jk+1n+Vu1cJ+TsehmvK718uFvvPRSTp8UX6:/QN8DU6jn+V8/IeIA8u08UX6
Score

10^/10

remcos rosas discovery persistence rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Remcos family
  remcos
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcosrosasdiscoverypersistencerat

behavioral2

remcosrosasdiscoverypersistencerat