remcos

General

Target

c022073bc27247d1b372070a591814da7ccf492f0d83db5ed39da879b64adb5e
Size

1.8MB
Sample

250209-fkcq2swkhs
MD5

792e664019c28c76f3891592a6b1783a
SHA1

90ce270beb429b458995c057a7f2ae3b75aaa7f8
SHA256

c022073bc27247d1b372070a591814da7ccf492f0d83db5ed39da879b64adb5e
SHA512

2c2c77c73661d8e096a06e399dc980e19ace8b5a7c244b75219bdd2d15466ec25f249828683e41cf348817e070baae34425262ccb51d40404ced529773f80a28
SSDEEP

24576:Ztb20pkaCqT5TBWgNjVY/Z6Pk9IC53D8j+G3AP8P8cn1hk6p9hFLQkeY7X2HV6A:qVg5tjVY/Z6PGICjG3APNc1S6jbaYq5

Score

10^/10

Malware Config

Extracted

Family

remcos

Botnet

RemoteHost

C2

192.210.150.26:3678

Attributes

audio_folder
MicRecords
audio_path
ApplicationPath
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-UJY4D8
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  c022073bc27247d1b372070a591814da7ccf492f0d83db5ed39da879b64adb5e
- Size
  
  1.8MB
- MD5
  
  792e664019c28c76f3891592a6b1783a
- SHA1
  
  90ce270beb429b458995c057a7f2ae3b75aaa7f8
- SHA256
  
  c022073bc27247d1b372070a591814da7ccf492f0d83db5ed39da879b64adb5e
- SHA512
  
  2c2c77c73661d8e096a06e399dc980e19ace8b5a7c244b75219bdd2d15466ec25f249828683e41cf348817e070baae34425262ccb51d40404ced529773f80a28
- SSDEEP
  
  24576:Ztb20pkaCqT5TBWgNjVY/Z6Pk9IC53D8j+G3AP8P8cn1hk6p9hFLQkeY7X2HV6A:qVg5tjVY/Z6PGICjG3APNc1S6jbaYq5
Score

10^/10

discovery remcos remotehost rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Remcos family
  remcos
- Downloads MZ/PE file
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

System Network Configuration Discovery

1

T1016

Internet Connection Discovery

1

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Remcos family

Downloads MZ/PE file

Drops startup file

Executes dropped EXE

Loads dropped DLL

AutoIT Executable

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2