remcos

General

Target

2edf874ef456146a26d6f4c7836069d48597c01fb7fb569f31013866012a7bd7.exe
Size

235KB
Sample

250124-ewzjhsyqhv
MD5

541bfc55cbbab47729342d1f2ddf0f73
SHA1

72e64bf487c1e971a9fc2f05281299caf90b27c3
SHA256

2edf874ef456146a26d6f4c7836069d48597c01fb7fb569f31013866012a7bd7
SHA512

0dd4b0fc8a4d7aec1846d2bc6a6cc98b11937ae0b99e2d20eb2c1673bed6c867414a8a2646516b895e013f50e326c158d3e1e7c2f12028a7228e9215845cc033
SSDEEP

6144:JQP761yOPJaNOKnod5naEtdpB6JdJf7s/ENdcAcrNOr0/RdVV:JQP7M0NOK3856JzjsAOZrNl

Score

10^/10

Malware Config

Extracted

Family

remcos

Botnet

ManifestBlessings

C2

krakencryptotrades.duckdns.org:2025

recoverytrades.duckdns.org:2026

krakenrecoveries.freemyip.com:2026

007lora.varpourtec.com:2026

masterb12.risunn.com:2026

risunn.com:2026

risunn.com:2025

nunubv1.fratellillottini.com:2026

fratellillottini.com:2025

Attributes

audio_folder
MicRecords
audio_path
ApplicationPath
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-C3DF3D
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  2edf874ef456146a26d6f4c7836069d48597c01fb7fb569f31013866012a7bd7.exe
- Size
  
  235KB
- MD5
  
  541bfc55cbbab47729342d1f2ddf0f73
- SHA1
  
  72e64bf487c1e971a9fc2f05281299caf90b27c3
- SHA256
  
  2edf874ef456146a26d6f4c7836069d48597c01fb7fb569f31013866012a7bd7
- SHA512
  
  0dd4b0fc8a4d7aec1846d2bc6a6cc98b11937ae0b99e2d20eb2c1673bed6c867414a8a2646516b895e013f50e326c158d3e1e7c2f12028a7228e9215845cc033
- SSDEEP
  
  6144:JQP761yOPJaNOKnod5naEtdpB6JdJf7s/ENdcAcrNOr0/RdVV:JQP7M0NOK3856JzjsAOZrNl
Score

10^/10

remcos manifestblessings discovery rat upx
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Remcos family
  remcos
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Remcos family

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2