remcos | fb7b6f2bf9f7494994228787e1b75387f75d3e69bcc030435b2dba2f0a12751d | Triage

Submit
Reports

Overview

overview

Static

static

3

fb7b6f2bf9...1d.exe

windows7-x64

fb7b6f2bf9...1d.exe

windows10-2004-x64

Sharing

General

Target

fb7b6f2bf9f7494994228787e1b75387f75d3e69bcc030435b2dba2f0a12751d
Size

1.1MB
Sample

250330-y6xmfsylx2
MD5

08d4a690d8a5f57b996465457d0f4775
SHA1

8059aa4a63ee35a7505dd55f9a4d8f63f02bfa78
SHA256

fb7b6f2bf9f7494994228787e1b75387f75d3e69bcc030435b2dba2f0a12751d
SHA512

8c08c78371e4d645a58aa32ca1549eecdc9466300212cd0b06fcda4d3a4470f2c67003ac5ad93180f2c7e34479b2a00d127aac7507d05304ee81725d5bff2739
SSDEEP

24576:eaTgKwZ14X27uUL3VM0kd+rkhfMsjgkAj2JE06J5N0Fj:LTgdZOcuUL3xAx/8b2S7Z05

Score

10^/10

remcos chinemerem discovery rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fb7b6f2bf9f7494994228787e1b75387f75d3e69bcc030435b2dba2f0a12751d.exe

Resource

win7-20241023-en

remcos chinemerem discovery rat

windows7-x64

10 signatures

60 seconds

Behavioral task

behavioral2

Sample

fb7b6f2bf9f7494994228787e1b75387f75d3e69bcc030435b2dba2f0a12751d.exe

Resource

win10v2004-20250314-en

remcos chinemerem discovery rat

windows10-2004-x64

11 signatures

60 seconds

Malware Config

Extracted

Family

remcos

Version

2.2.2 Pro

Botnet

chinemerem

C2

remcoss.onmypc.org:3765

Attributes

audio_folder
audio
audio_path
%AppData%
audio_record_time
5
connect_delay
0
connect_interval
5
copy_file
remcos.exe
copy_folder
remcos
delete_file
false
hide_file
false
hide_keylog_file
true
install_flag
false
install_path
%AppData%
keylog_crypt
true
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
keylog_path
%AppData%
mouse_option
false
mutex
r-8ET8H0
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
remcos
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  fb7b6f2bf9f7494994228787e1b75387f75d3e69bcc030435b2dba2f0a12751d
- Size
  
  1.1MB
- MD5
  
  08d4a690d8a5f57b996465457d0f4775
- SHA1
  
  8059aa4a63ee35a7505dd55f9a4d8f63f02bfa78
- SHA256
  
  fb7b6f2bf9f7494994228787e1b75387f75d3e69bcc030435b2dba2f0a12751d
- SHA512
  
  8c08c78371e4d645a58aa32ca1549eecdc9466300212cd0b06fcda4d3a4470f2c67003ac5ad93180f2c7e34479b2a00d127aac7507d05304ee81725d5bff2739
- SSDEEP
  
  24576:eaTgKwZ14X27uUL3VM0kd+rkhfMsjgkAj2JE06J5N0Fj:LTgdZOcuUL3xAx/8b2S7Z05
Score

10^/10

remcos chinemerem discovery rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Remcos family
  remcos
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcoschinemeremdiscoveryrat

behavioral2

remcoschinemeremdiscoveryrat

© 2018-2025

Terms | Privacy