remcos | d7097f619fa3d659ed334fe78b12b3ca0e6b2809fae417c37af32a8f5dc8a768 | Triage

Resubmissions

02/06/2023, 02:03

230602-cg1f6ahd53 10

02/06/2023, 02:02

230602-cgd8xshg7y 10

Sharing

Copy URL Twitter E-mail

General

Target

FWD-2984758'0348693846830 DEPENDENCIA Y DOCUMENTO DE RADICADO DE CITACION FISCAL.tar
Size

517KB
Sample

230602-cgd8xshg7y
MD5

4c5130a03273312ee1fdabcdd4eabf71
SHA1

e726b0814a9354afd3161b496064bc82f8efd92b
SHA256

d7097f619fa3d659ed334fe78b12b3ca0e6b2809fae417c37af32a8f5dc8a768
SHA512

50a446fb73d22bb2bd0e6469748059e0df23ab546d87055ba547ecbd2cfa5b204cb70d8790ef32374130b7ec16de27e3f38ef227b846f35c4981ec1a2f982187
SSDEEP

12288:OXESM2wUdZCPLjISPSqQj7FJbBElHohU5oD8PH+eSo:mEALdkSj1r5W5ofeSo

Score

10^/10

remcos turbo1.1 rat

Malware Config

Extracted

Family

remcos

Botnet

TURBO1.1

C2

martinelialora09.con-ip.com:1995

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-P8W485
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
Remcos
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  FWD-2984758'0348693846830 DEPENDENCIA Y DOCUMENTO DE RADICADO DE CITACION FISCAL.exe
- Size
  
  577KB
- MD5
  
  c2900f9d2636bc52d3d101289419d9e6
- SHA1
  
  34a316caa111d9e26d0e473f8adda12663da435b
- SHA256
  
  6402bee68e322b3a569685536b702ea1b6773b4014979750cf7e282c576e52d2
- SHA512
  
  938a62c52b60bbfb740511a93b52747c35d66a05b106e649258de96df6961be47a5365463253347b3f3220cd1079e4895949462290393562a32adb7dc4758be6
- SSDEEP
  
  12288:rzW3zKh4PfzNsCQdvk6O1YZUZV6mpZqq:ra3+hgzNsk6O1Eoqq
Score

10^/10

remcos rat turbo1.1
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

remcosturbo1.1rat