remcos | 52939296475d2fc83dab2eafb9b8512a53a450e3aaf60f288e1de3cc811fb49b | Triage

Sharing

General

Target

569___BL,INV_and_packing_list.jpg.ace
Size

798KB
Sample

250404-kfbemsvry6
MD5

f4991469abb773c2b0da4f61f7b2a3a3
SHA1

c3671f891bcf300128f60b3cc2b2db74d3a525f4
SHA256

52939296475d2fc83dab2eafb9b8512a53a450e3aaf60f288e1de3cc811fb49b
SHA512

10b50a93af66425d3a69f89a24aa6cee03e28254efd532d2ad6e1b703dae0bfd211492a8ce4a1243b8b1e5ca8eb2a4a7728645596e3e8c981bb0012d0538e0ff
SSDEEP

24576:JUt7lKWtzkRIxZ+HALg+m3OpqtfIcxfvsVKyXLxc48a4ZXpait:aWWtzkSZPE+shaKyXNcdTQit

Score

10^/10

remcos remotehost discovery rat

Malware Config

Extracted

Family

remcos

Botnet

RemoteHost

C2

103.83.87.190:5817

Attributes

audio_folder
MicRecords
audio_path
ApplicationPath
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-E1OC2H
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  Shipment Document BL,INV and packing list.jpg.exe
- Size
  
  1.3MB
- MD5
  
  9aa7675541b2cf73b71f5ddc6be2084b
- SHA1
  
  b8af9227da8a2e6957604cb4e643370adadeae68
- SHA256
  
  1fc20be3230c5de684a0c39942bfe11d80b71d540c6c42c40fb22c1c2416d2c5
- SHA512
  
  040ec11512a61ecb84360dc045a5098ae7d25c0490da901e7cb510ee128585b038df6132e3e3811b66d3c4fefd618091be6b98c0a4ef5a5df4c2416a8eba6b50
- SSDEEP
  
  24576:Ju6J33O0c+JY5UZ+XC0kGso6FaSZ62TTqVNrwvtK1pWp1N/az2DIjWY:ru0c++OCvkGs9FaSMoqIk1pW5c2HY
Score

10^/10

remcos remotehost discovery rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Remcos family
  remcos
- Drops startup file
- Executes dropped EXE
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcosremotehostdiscoveryrat