Overview

overview

10

Static

static

3

sZQwYoxiYuZzeyN.exe

windows7-x64

10

sZQwYoxiYuZzeyN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    75D6DD25512283CD8EBBE0126FB068BB

  • Size

    849KB

  • Sample

    250204-kq9eestjhk

  • MD5

    75d6dd25512283cd8ebbe0126fb068bb

  • SHA1

    4f92b55843af0ccc9633a161a6ea3a15f0b77cbf

  • SHA256

    b3beee036a0272c7b1d6433c284ac60f8bab4c84c606bc20e11217074c44cac4

  • SHA512

    053cbd201fc3f1e6123bee056f9df57a6fbd017dfa547930986e70e3fcdc31c1b4ba12ebffa9eca817e27a2d348377907ef4b04225904adc322f415b115cd78e

  • SSDEEP

    24576:44uZc7JnRrzM+An2IkXABHDspwIjfqUMYJiTYalxqk9HNz:emNno2NXAVD8wMXMYWYa79HNz

Score
10/10
remcosremotehostdiscoveryrat

Malware Config

Extracted

Family

remcos

Botnet

RemoteHost

C2

192.3.220.30:2080

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    Rmc-WOJOLL

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Targets

    • Target

      sZQwYoxiYuZzeyN.exe

    • Size

      876KB

    • MD5

      33786d2e47bd4d96ec9f76c8a3404dad

    • SHA1

      aff647e71a3218333a326fd966fdc1af02d78e95

    • SHA256

      b6941157c26f237a27dee0d7ef4bf4e71610e96abe2111903b1d15c57c40dd7f

    • SHA512

      803c8225f5c7f8939945f7b78f1c4e7ca5924f27f5d86c7b25fbfd32977d019ff0244c40d687bb84b92a681a993cf589c58da7f2e3f1208e669e1e6f8fe10394

    • SSDEEP

      24576:f4Z4lJnTrzcwwR2Sk1CzTRslmIjhqWMcVcTAalVug95S:AavnS2j1C3RamMPMegAaV95S

    Score
    10/10
    remcosremotehostdiscoveryrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Remcos family

      remcos

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks