remcos | 28dd9f42baad3506d13f7a15c6754c708378719c59dc1a60864ea2a5e2bc24a8 | Triage

Sharing

General

Target

28dd9f42baad3506d13f7a15c6754c708378719c59dc1a60864ea2a5e2bc24a8.exe
Size

340KB
Sample

250212-jj1m9ssmek
MD5

366c2e942c04bdd8173d8727628de954
SHA1

21bc9461fa1730d4e11fa090d9c159d68d9e980d
SHA256

28dd9f42baad3506d13f7a15c6754c708378719c59dc1a60864ea2a5e2bc24a8
SHA512

b6e5d84cb7c5d4a5f32b462bc09a036ab62ff57d8dfb45203a5d3970581da28dfb56a0e7b47e1d637dd87ce92e68d5adaea5bb15d7623aefd6e8214d7f337470
SSDEEP

6144:A4fF6pzInXLFNXqpL0/Z/mpZC6HV3Ieovd+NMa/3wj0jSg3MrCF:rfF6VIXxNXqpL0/Z/mpZCW6d+uaY0jSo

Score

10^/10

remcos remotehost discovery rat

Malware Config

Extracted

Family

remcos

Version

2.4.7 Light

Botnet

RemoteHost

C2

192.168.153.1:2404

Attributes

audio_folder
MicRecords
audio_path
%AppData%
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
install_path
%AppData%
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
keylog_path
%AppData%
mouse_option
false
mutex
Remcos-BEOO7P
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
remcos
take_screenshot_option
false
take_screenshot_time
5
take_screenshot_title
wikipedia;solitaire;

Targets

- Target
  
  28dd9f42baad3506d13f7a15c6754c708378719c59dc1a60864ea2a5e2bc24a8.exe
- Size
  
  340KB
- MD5
  
  366c2e942c04bdd8173d8727628de954
- SHA1
  
  21bc9461fa1730d4e11fa090d9c159d68d9e980d
- SHA256
  
  28dd9f42baad3506d13f7a15c6754c708378719c59dc1a60864ea2a5e2bc24a8
- SHA512
  
  b6e5d84cb7c5d4a5f32b462bc09a036ab62ff57d8dfb45203a5d3970581da28dfb56a0e7b47e1d637dd87ce92e68d5adaea5bb15d7623aefd6e8214d7f337470
- SSDEEP
  
  6144:A4fF6pzInXLFNXqpL0/Z/mpZC6HV3Ieovd+NMa/3wj0jSg3MrCF:rfF6VIXxNXqpL0/Z/mpZCW6d+uaY0jSo
Score

10^/10

remcos remotehost discovery rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Remcos family
  remcos
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcosremotehostdiscoveryrat

behavioral2