General

  • Target

    lucerne as at 28 Nov 2022.exe

  • Size

    579KB

  • Sample

    221203-r9v5gaea9t

  • MD5

    796280ec19f4cabce99bbb14b4a43f28

  • SHA1

    537bedfbb6f6f2b544bc4892437f4a6050d932a9

  • SHA256

    eeb4e124303b10a370d6c20f70c17303dfe1cd6de4b255d85061804ad6902db0

  • SHA512

    6afca105404a50684a9a4b37646b2bbd17339120849aad6f9c8ef8e2abc4d28ba6ad144195b3db1e676c3d7a3335751b134ed58397d62991895b04a9f6498eb8

  • SSDEEP

    12288:VmwtkzfN9A6V20TKzB32n/3Ki0mGXq7mclWKpNCi/g:ltkzf3A6VR6O/OrXqicvN

Score
10/10

Malware Config

Extracted

Family

remcos

Botnet

awa

C2

gdyhjjdhbvxgsfe.gotdns.ch:2718

Attributes
audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-J6C5A7
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
Remcos
take_screenshot_option
false
take_screenshot_time
5

Targets

    • Target

      lucerne as at 28 Nov 2022.exe

    • Size

      579KB

    • MD5

      796280ec19f4cabce99bbb14b4a43f28

    • SHA1

      537bedfbb6f6f2b544bc4892437f4a6050d932a9

    • SHA256

      eeb4e124303b10a370d6c20f70c17303dfe1cd6de4b255d85061804ad6902db0

    • SHA512

      6afca105404a50684a9a4b37646b2bbd17339120849aad6f9c8ef8e2abc4d28ba6ad144195b3db1e676c3d7a3335751b134ed58397d62991895b04a9f6498eb8

    • SSDEEP

      12288:VmwtkzfN9A6V20TKzB32n/3Ki0mGXq7mclWKpNCi/g:ltkzf3A6VR6O/OrXqicvN

    Score
    10/10
    • Remcos

      Remcos is a closed-source remote control and surveillance software.

    • Drops startup file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

          Discovery

            Execution

              Exfiltration

                Impact

                  Initial Access

                    Lateral Movement

                      Persistence

                        Privilege Escalation

                          Tasks