remcos | ad39a998b7f7b0889d74b2377b4ef09cb4827b314052e6280f2925bdc06ae248 | Triage

Submit
Reports

Overview

overview

Static

static

5

Order.exe

windows10-2004-x64

Sharing

General

Target

Order.exe
Size

809KB
Sample

250407-v3vrxayycv
MD5

8849e2039f215fdc3d18270bff047810
SHA1

b5276ad1f216f5de3d2edccfa598a0eaf676821f
SHA256

ad39a998b7f7b0889d74b2377b4ef09cb4827b314052e6280f2925bdc06ae248
SHA512

4779f5586c928f606185418f1320a8255598a122018230e547053afea09971d6aee80273c75e0ba26facea459a315ee53325104f5cf689067f04135aad4d7638
SSDEEP

24576:url6kD68JmlotQf4uvwKMXeDyEpyrX5WIYz8g3Q:Ml328U2yfxvwdgSrpkz3

Score

10^/10

remcos remotehost discovery rat upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Order.exe

Resource

win10v2004-20250314-en

remcos remotehost discovery rat upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

remcos

Botnet

RemoteHost

C2

196.251.86.41:2404

Attributes

audio_folder
MicRecords
audio_path
ApplicationPath
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-83VOGC
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  Order.exe
- Size
  
  809KB
- MD5
  
  8849e2039f215fdc3d18270bff047810
- SHA1
  
  b5276ad1f216f5de3d2edccfa598a0eaf676821f
- SHA256
  
  ad39a998b7f7b0889d74b2377b4ef09cb4827b314052e6280f2925bdc06ae248
- SHA512
  
  4779f5586c928f606185418f1320a8255598a122018230e547053afea09971d6aee80273c75e0ba26facea459a315ee53325104f5cf689067f04135aad4d7638
- SSDEEP
  
  24576:url6kD68JmlotQf4uvwKMXeDyEpyrX5WIYz8g3Q:Ml328U2yfxvwdgSrpkz3
Score

10^/10

remcos remotehost discovery rat upx
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Remcos family
  remcos
- Drops startup file
- Executes dropped EXE
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcosremotehostdiscoveryratupx

© 2018-2025

Terms | Privacy