remcos | 08d46e97b3d3e5fc885ff54a08016a8e5c2b3915e399ae89d3ad1825cb3dd4f2 | Triage

Submit
Reports

Overview

overview

Static

static

revenge.exe

windows7-x64

revenge.exe

windows10-2004-x64

Sharing

General

Target

revenge.bat
Size

211KB
Sample

250201-wk6xwswjdn
MD5

b4038412251e2209c8a0e5d1e5f9df7a
SHA1

0b8c3aa5d2af9fbb5065c0cb993851a4c7e38532
SHA256

08d46e97b3d3e5fc885ff54a08016a8e5c2b3915e399ae89d3ad1825cb3dd4f2
SHA512

cf7052a2d770fa6f08a7211e88b718d14c8bb0958fa071ad9743d1cb81bcbbb25c8c136b74c01c8816c56d8f302baf12050be17a42c66e7dfcced78dafb87cac
SSDEEP

6144:+sbRQo2B6qxFlU/KCrO6is0xO1L2rW5s/satpq:+ZolqxgK6O6iRO1qC5s/t7

Score

10^/10

remcos revenge discovery rat upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

revenge.exe

Resource

win7-20241010-en

remcos revenge discovery rat upx

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

revenge.exe

Resource

win10v2004-20250129-en

remcos revenge discovery rat upx

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

remcos

Version

6.0.0 Light

Botnet

revenge

C2

entry-certainly.gl.at.ply.gg:2404

Attributes

audio_folder
MicRecords
audio_path
ApplicationPath
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-MBSNA7
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  revenge.bat
- Size
  
  211KB
- MD5
  
  b4038412251e2209c8a0e5d1e5f9df7a
- SHA1
  
  0b8c3aa5d2af9fbb5065c0cb993851a4c7e38532
- SHA256
  
  08d46e97b3d3e5fc885ff54a08016a8e5c2b3915e399ae89d3ad1825cb3dd4f2
- SHA512
  
  cf7052a2d770fa6f08a7211e88b718d14c8bb0958fa071ad9743d1cb81bcbbb25c8c136b74c01c8816c56d8f302baf12050be17a42c66e7dfcced78dafb87cac
- SSDEEP
  
  6144:+sbRQo2B6qxFlU/KCrO6is0xO1L2rW5s/satpq:+ZolqxgK6O6iRO1qC5s/t7
Score

10^/10

remcos revenge discovery rat upx
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Remcos family
  remcos
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcosrevengediscoveryratupx

behavioral2

remcosrevengediscoveryratupx

© 2018-2025

Terms | Privacy