remcos | 02499e35a4c7f0cd87c60a05ea4013fedf5c6832841fa7467b6dc1f8828e8625 | Triage

Sharing

General

Target

OFICIO Y DETALLE DE ACTUACIÓN JUDICIAL RAD.563213.tar
Size

1.5MB
Sample

231110-jrj1gsfd85
MD5

49401a6a6bb3cd112218666fcb04f897
SHA1

a94116b3a49b8c57f61a6ff517b3dec7ad500d92
SHA256

02499e35a4c7f0cd87c60a05ea4013fedf5c6832841fa7467b6dc1f8828e8625
SHA512

cfc0d01652694b8a72523735ef80e9d1b1e29a9fc1098238f8db56ab74822542a2c56f0a64ed4f76ec992e03df504550a665d4df6e80545d8d7e98f86de75375
SSDEEP

24576:kD/d4BFoQuzAUMybYVYQFADUEXzHmV/c5VjVhiFYoDEA2/q2dK/C79z0McnC6pmc:kp4PwzA3/YQFADUEXTBbWEkm7t4pV

Score

10^/10

remcos pull rat

Malware Config

Extracted

Family

remcos

Botnet

PULL

C2

fdvijkrfdsojnlmrfsdojnlmfrdvcj.con-ip.com:1997

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-H54XLO
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  OFICIO Y DETALLE DE ACTUACIÓN JUDICIAL RAD.563213.exe
- Size
  
  1023.9MB
- MD5
  
  ba2e773cd0a1a5c4dc596feeaf5af8ff
- SHA1
  
  9a40d52553d84beb3e99a04c8f2256edde6e8fc1
- SHA256
  
  c46852f35f00af54166b854f90f8ff080acddd83214788f0f7c95e036e2c5e0e
- SHA512
  
  db537dd1ab3454811a86140400cd6def061d6b7bcfafbe34188089791766b5aaa0c64f97484f75bcdea920183f08af7359b0ce5e5335b83c2c3eb0f0600672cd
- SSDEEP
  
  12288:Ax+UJLtMI05GWvOU7iTsP0ER4DP3jUO4iiyYSY5T7MRzsK:b6LtMBkW2pTRzUVpPSOTgJJ
Score

10^/10

remcos pull rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2