remcos | aa9743c31bf710bcabc63c6ad8f5a807ab12316eedd73feed1d043b39c7a7346 | Triage

Sharing

General

Target

aa9743c31bf710bcabc63c6ad8f5a807ab12316eedd73feed1d043b39c7a7346.exe
Size

1.8MB
Sample

250207-rd3jnstlbs
MD5

051050fd522fd5c484d66cd783b5add4
SHA1

9420ab564a73c740bad5e30842ca61c213242230
SHA256

aa9743c31bf710bcabc63c6ad8f5a807ab12316eedd73feed1d043b39c7a7346
SHA512

0cf52d31f81ebee83e0a0098714c5ee659b34ea81e20a78896d596662aa49c84ffaf057e10a8015530206ed10b287b3bb3add4613af9141c1557ee8df3ec58a1
SSDEEP

49152:gTvC/MTQYxsWR7ais+w7GW6vNeKjQO1s17W9OrU:IjTQYxsWRS76Ve0QIs17gS

Score

10^/10

remcos remotehost discovery rat

Malware Config

Extracted

Family

remcos

Botnet

RemoteHost

C2

192.210.150.26:3678

Attributes

audio_folder
MicRecords
audio_path
ApplicationPath
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-MKYDDH
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  aa9743c31bf710bcabc63c6ad8f5a807ab12316eedd73feed1d043b39c7a7346.exe
- Size
  
  1.8MB
- MD5
  
  051050fd522fd5c484d66cd783b5add4
- SHA1
  
  9420ab564a73c740bad5e30842ca61c213242230
- SHA256
  
  aa9743c31bf710bcabc63c6ad8f5a807ab12316eedd73feed1d043b39c7a7346
- SHA512
  
  0cf52d31f81ebee83e0a0098714c5ee659b34ea81e20a78896d596662aa49c84ffaf057e10a8015530206ed10b287b3bb3add4613af9141c1557ee8df3ec58a1
- SSDEEP
  
  49152:gTvC/MTQYxsWR7ais+w7GW6vNeKjQO1s17W9OrU:IjTQYxsWRS76Ve0QIs17gS
Score

10^/10

discovery remcos remotehost rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Remcos family
  remcos
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

remcosremotehostdiscoveryrat