Summary | ZeroBOX

remcos_agent.exe

Generic Malware, Malicious Library, Downloader, UPX, PE File, PE32
Category: FILE
Machine: s1_win7_x6403_us
Started: Nov. 22, 2023, 10:31 p.m.
Completed: Nov. 22, 2023, 10:33 p.m.
Size 84.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 75f62d50ae96fe8ff94fc9a933b4fc77
SHA256 2b53c63310b8961fb12a67edbd083013f52e0f86e9fb053a1cbfc266595665e0
CRC32 A02B56B2
ssdeep 1536:6pNEsaeiQl8TIqytzRJl+uiNuI7FFCPBsZcOzq1T35T/cLeILtVo8V:6pNEaiQl2qouiNdFFCiZcOz+TJ/aeAt
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • Network_Downloader - File Downloader
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware

Name / Response / Post-Analysis Lookup
No hosts contacted.
IP Address / Status / Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API / Arguments / Status / Return / Repeated

IsDebuggerPresent
  0 0

Time & API / Arguments / Status / Return / Repeated

WriteConsoleA
  buffer: * REMCOS v2.2.0 Light * Breaking-Security.Net
  console_handle: 0x0000000f
  1 1 0

WriteConsoleA
  buffer: 07:51:24:000 [INFO] Connecting to 127.0.0.1:2404
  console_handle: 0x0000000f
  1 1 0
packer: Armadillo v1.71
description: remcos_agent.exe tried to sleep 204 seconds, actually delayed analysis time by 204 seconds