remcos

Resubmissions

06-06-2023 06:42

230606-hgjrasch41 1

06-06-2023 06:42

06-06-2023 06:41

06-06-2023 06:39

06-06-2023 06:31

06-06-2023 06:23

Sharing

Copy URL

Twitter E-mail

General

Target

DETALLE Y OFICIO DE CONSIGNACIÓN REALIZADA.tar
Size

1.3MB
Sample

230606-g96absch2z
MD5

246eb678d0a6211d010f5465bcc604b6
SHA1

e0a121dcac8a5f5f4c4ff4f27974e8d6b9adeeea
SHA256

726ff0b67faeacccd97956ddb2383026d3fea83a0d9f0ed761beeadeced8f610
SHA512

13b913463c36fcd80ddca12132f0f70fd9edd0bbf4d1dc55a9eff24b840e6af290eadfd8e3935d0e94c7e7baeac766a10bfe6b841fddafc6147a00247932167e
SSDEEP

24576:bv7698KdrtTYfx5Osq/cHfEJtppLj6yh/vM6VnPWVj96jgxMcDb9H3rk/avJAd:C935ix0/Ywv6uXJnPApAqrbh3rMavJAd

Score

10^/10

Malware Config

Extracted

Family

remcos

Botnet

Euros

jhcdiucishcisdfs.con-ip.com:1883

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-10VB13
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  DETALLE Y OFICIO DE CONSIGNACIÓN REALIZADA.tar
- Size
  
  1.3MB
- MD5
  
  246eb678d0a6211d010f5465bcc604b6
- SHA1
  
  e0a121dcac8a5f5f4c4ff4f27974e8d6b9adeeea
- SHA256
  
  726ff0b67faeacccd97956ddb2383026d3fea83a0d9f0ed761beeadeced8f610
- SHA512
  
  13b913463c36fcd80ddca12132f0f70fd9edd0bbf4d1dc55a9eff24b840e6af290eadfd8e3935d0e94c7e7baeac766a10bfe6b841fddafc6147a00247932167e
- SSDEEP
  
  24576:bv7698KdrtTYfx5Osq/cHfEJtppLj6yh/vM6VnPWVj96jgxMcDb9H3rk/avJAd:C935ix0/Ywv6uXJnPApAqrbh3rMavJAd
Score

10^/10

remcos euros rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3