remcos | ac5701c2635f4ea82d70b75d1a33ae56ebfd431e9f1ad34134a06307ad9d12b8 | Triage

Sharing

General

Target

ac5701c2635f4ea82d70b75d1a33ae56ebfd431e9f1ad34134a06307ad9d12b8.exe
Size

180KB
Sample

250208-deyefs1mew
MD5

291270e7fd1ea4ce6f878528e03ff33c
SHA1

f3aa4a90bea77c23376955bb563fc8b65dcdb54b
SHA256

ac5701c2635f4ea82d70b75d1a33ae56ebfd431e9f1ad34134a06307ad9d12b8
SHA512

3657db07f8c01d9a12d3902ce0a8fd4bf7240594fd4704cf19d971c7d6b29e579448155d92cdf949307846c5ce8f9ce7cc3bcd772316ccca4e90493f3646008b
SSDEEP

3072:kqM8+466FzyRsXVR4VRclmCD+/tjxsTQRS:kqM8+4TFGqGVRcgCD+/tjxsTQRS

Score

10^/10

remcos remotehost discovery rat upx

Malware Config

Extracted

Family

remcos

Version

2.5.0 Light

Botnet

RemoteHost

C2

127.0.0.1:2404

Attributes

audio_folder
MicRecords
audio_path
%AppData%
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
install_path
%AppData%
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
keylog_path
%AppData%
mouse_option
false
mutex
Remcos-YCDIWY
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
remcos
take_screenshot_option
false
take_screenshot_time
5
take_screenshot_title
wikipedia;solitaire;

Targets

- Target
  
  ac5701c2635f4ea82d70b75d1a33ae56ebfd431e9f1ad34134a06307ad9d12b8.exe
- Size
  
  180KB
- MD5
  
  291270e7fd1ea4ce6f878528e03ff33c
- SHA1
  
  f3aa4a90bea77c23376955bb563fc8b65dcdb54b
- SHA256
  
  ac5701c2635f4ea82d70b75d1a33ae56ebfd431e9f1ad34134a06307ad9d12b8
- SHA512
  
  3657db07f8c01d9a12d3902ce0a8fd4bf7240594fd4704cf19d971c7d6b29e579448155d92cdf949307846c5ce8f9ce7cc3bcd772316ccca4e90493f3646008b
- SSDEEP
  
  3072:kqM8+466FzyRsXVR4VRclmCD+/tjxsTQRS:kqM8+4TFGqGVRcgCD+/tjxsTQRS
Score

10^/10

remcos remotehost discovery rat upx
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Remcos family
  remcos
- Downloads MZ/PE file
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

upxremotehostremcos

behavioral1

remcosremotehostdiscoveryratupx

behavioral2

remcosremotehostdiscoveryratupx