remcos

General

Target

JaffaCakes118_b0fcf3f4e8a1443c4822a0fa37460695
Size

497KB
Sample

250108-2q7n9syrfr
MD5

b0fcf3f4e8a1443c4822a0fa37460695
SHA1

98b2a1484803f0c1057695d2eba5801e670ed63b
SHA256

76d1425757fcdb4c6ddac28a2c7970e743d0f1bf240101d701fc32d5420487cf
SHA512

998b62550107d48146e9abf526537eda8e88f2878e1d9669b2755ab21d02fbfc9c8173221f61a03ddd26231c8cebc5d1a7ff285c08bfaf29d377f9c7ae4cb620
SSDEEP

6144:dZ6PRR6gpvGa9q4A8olUpR1rhhegYUBPsUpxd4CNooxb:dZ6PRH5Ga285rh99BPtxd9SoV

Score

10^/10

Malware Config

Extracted

Family

remcos

Version

2.0.4 Pro

Botnet

RemoteHost

C2

185.208.211.10:1339

Attributes

audio_folder
audio
audio_path
%AppData%
audio_record_time
5
connect_delay
0
connect_interval
5
copy_file
remcos.exe
copy_folder
remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
install_path
%AppData%
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
keylog_path
%AppData%
mouse_option
false
mutex
Remcos-JEH3DS
screenshot_crypt
false
screenshot_flag
true
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
90
startup_value
remcos
take_screenshot_option
false
take_screenshot_time
5

Extracted

Family

remcos

Botnet

RemoteHost

C2

185.208.211.10:1339

Attributes

audio_folder
audio
audio_path
%AppData%
audio_record_time
5
connect_delay
0
connect_interval
5
copy_file
remcos.exe
copy_folder
remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
install_path
%AppData%
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
keylog_path
%AppData%
mouse_option
false
mutex
Remcos-JEH3DS
screenshot_crypt
false
screenshot_flag
true
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
90
startup_value
remcos
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  JaffaCakes118_b0fcf3f4e8a1443c4822a0fa37460695
- Size
  
  497KB
- MD5
  
  b0fcf3f4e8a1443c4822a0fa37460695
- SHA1
  
  98b2a1484803f0c1057695d2eba5801e670ed63b
- SHA256
  
  76d1425757fcdb4c6ddac28a2c7970e743d0f1bf240101d701fc32d5420487cf
- SHA512
  
  998b62550107d48146e9abf526537eda8e88f2878e1d9669b2755ab21d02fbfc9c8173221f61a03ddd26231c8cebc5d1a7ff285c08bfaf29d377f9c7ae4cb620
- SSDEEP
  
  6144:dZ6PRR6gpvGa9q4A8olUpR1rhhegYUBPsUpxd4CNooxb:dZ6PRH5Ga285rh99BPtxd9SoV
Score

10^/10

remcos remotehost discovery rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Remcos family
  remcos
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Remcos family

Drops startup file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2