remcos

Sharing

Copy URL

Twitter E-mail

General

Target

DOCUMENTODEENVO120225.rar
Size

3.3MB
Sample

250212-y3khqaxmal
MD5

6409140c76b5a60a3e5f02f1e429ce2e
SHA1

21889d0f1c6e5f9a6b95012ec9bc4a7a757d8f48
SHA256

256f272b1eabec53f2430058b66870b8d11713bcec054b09d92d64434ce6e00a
SHA512

90691eb5fed9a53d085186461c1bc88ca1f6aa1b5b71930b41913564abfde2fe3325abfc1a86fdc1fab5edcde6f6da37f136aa444167d2413b7f7e33de0bb551
SSDEEP

98304:+vihUzxTD3XCNbdSACh+v5B/1iZt2QqgZY4L3ozp:ZhUzBTCj4C5mt2QFY4LYF

Score

10^/10

Malware Config

Extracted

Family

remcos

Botnet

855

23.94.82.22:5890

Attributes

audio_folder
MicRecords
audio_path
ApplicationPath
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
835-S89137
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  DOCUMENTO DE ENVÍO.exe
- Size
  
  969KB
- MD5
  
  f9538485432d3ec640f89096ba2d4d00
- SHA1
  
  b050b847b1fe8be78d56b29bd23c25e05c227a92
- SHA256
  
  5d695d8a0bb1d919cc77a2aa2488a61797bfa065238160278ee458120630aaf9
- SHA512
  
  ea7aeedd15f4d6a6005f8cfb7d404dfb0c302c837e48de7e3ff44d7d5908f8de6c0a81f736d874a491eddc89fdf753976be6f635e7e8512f5abb7f32caa8cfc5
- SSDEEP
  
  24576:oFZAiQHDhht8m7FpUi1L1OXJz5zzz3zzzozzz3zzzNz:CZAiQHlhtz7FpWdwz
Score

10^/10

remcos 855 discovery rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Remcos family
  remcos
- Uses the VBS compiler for execution
- Downloads MZ/PE file
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  libvlc.dll
- Size
  
  3.9MB
- MD5
  
  7254a4eeaf6aa5b5b659459f004cc318
- SHA1
  
  6d1949307a3caf2720e877bffca3693f57e051b6
- SHA256
  
  a4dd94549a12928ea8eda1308db053d3e2d0e776c8a0c9773f880c98710d8e22
- SHA512
  
  053b69ed2555cd0b663e2cf39dde193c224bb864ce3a8416182f146ff3d42e56a0fb4e10a72954480e2d13dff142b11c86b5d51c2c5528a43f1a2221956a5d2c
- SSDEEP
  
  49152:zYYY6YxEjcOBlRTVLFujV0mBpluFWse9R+xhYlzwY:F3tFuCm68
Score

10^/10

remcos 855 discovery rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Remcos family
  remcos
- Downloads MZ/PE file
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  libvlccore.dll
- Size
  
  2.7MB
- MD5
  
  c62c3ef5753af6e0980f38eebc196b1c
- SHA1
  
  fd1d62feaaacb7cad5f952b61a6f7bd60d6dc4e1
- SHA256
  
  2ddb85b36650f85b5a09724c5b17428b1b1b76bd3e3dd85b643933659d5e333d
- SHA512
  
  f2338d26b073d8a796a7a19ee290b87b63f30f6cfa62e74d147756d2362898a167784c860d9bc098b1ec1a080aaa0fad25ca8c611b7e8f42ea8195c2b14abdfc
- SSDEEP
  
  49152:0F0rn/mnSnjfazU2TGlMo1PBAUZLY6sEZGaXBuQQ9eI:0F07L60PBAUZL3W
Score

6^/10

discovery
- Downloads MZ/PE file
behavioral5 behavioral6
- Target
  
  vcruntime211.dll
- Size
  
  482KB
- MD5
  
  3f866efb7db4522025482928ca81a948
- SHA1
  
  4062a86ba63398b8c44fe9ee7afe8d73bdfac310
- SHA256
  
  1d23601df328d527d584a3e7ea199b187db8aa7427e5ac67f8d66ed28b14e7da
- SHA512
  
  3bdf48c52d248c3294e084b7fc5abbbb47fef1a768443f7f7e3d3561face083c8bdf83faff1c963338414e72d3b8af6eec24b8a099b0c16fb8d14d51fd281871
- SSDEEP
  
  12288:LRX5sN7Z2vVql4G4vVSv6LXqIV6KBbuarMM6tAkfCdIWop:LUluql43c6zr6uMM6fz3p
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Remcos family

Uses the VBS compiler for execution

Downloads MZ/PE file

Suspicious use of SetThreadContext

Remcos

Remcos family

Downloads MZ/PE file

Uses the VBS compiler for execution

Suspicious use of SetThreadContext

Downloads MZ/PE file

Downloads MZ/PE file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8