remcos | 77e61a24c66982a52ea4eb703f149dbfeb7f20f7f7ebae654a0d0758d284193b

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
29-12-2024 03:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_77e61a24c66982a52ea4eb703f149dbfeb7f20f7f7ebae654a0d0758d284193b.exe
Size

459KB
MD5

6b540a31dda49fe2f786f33aed12129a
SHA1

3e52efaac349137e0e57c7053bb109960934a2b3
SHA256

77e61a24c66982a52ea4eb703f149dbfeb7f20f7f7ebae654a0d0758d284193b
SHA512

897599d75d0c1825588c50e21a361849c43076685ce4a096188ef7ff2378c82f8b3d8c6101c51e02f02eb1c31407e24fe7a8e23509c8dc3d9dea160e067ab676
SSDEEP

6144:qa4YiP1U/VOKRUz7mxE3oEhxv2gYnCLrbLM9iHul+jZ5mv9Qoj8lAOZZlvXI2FEf:qa4RU/U3AVE2gNrY9iH8+1YMfZlA9eG

Score

10^/10

remcos discovery rat

Malware Config

Signatures

Remcos
Remcos is a closed-source remote control and surveillance software.
rat remcos
Remcos family
remcos

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_77e61a24c66982a52ea4eb703f149dbfeb7f20f7f7ebae654a0d0758d284193b.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2176	JaffaCakes118_77e61a24c66982a52ea4eb703f149dbfeb7f20f7f7ebae654a0d0758d284193b.exe

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_77e61a24c66982a52ea4eb703f149dbfeb7f20f7f7ebae654a0d0758d284193b.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_77e61a24c66982a52ea4eb703f149dbfeb7f20f7f7ebae654a0d0758d284193b.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\remcos\logs.dat

Filesize
148B

MD5
b0b808de5999916f40f5c025e66fe11e

SHA1
a8b0e8e650bb5f08bb0a8fc1e58b10372d8d2238

SHA256
0f0f5565d534c56c04c4f92f2b9544969fa1fa4f5b48ecb9a9265ee8637d1185

SHA512
21aae741f0fe54ad83677bf16f943ba99055f03b03e11f99e4dda2b427ba469b233490cd983ff80c15dfd2fd4401b146639e74989444b1be18d68380bf6f2d8a

Download Submit