remcos | 269616c92c90474d1bd9100a160b478aa29124751e7862d99093376470a99bf6 | Triage

Sharing

General

Target

77B3279A611F820EC3ADFFA041C6E00DF83AC3F85B6A141F37A7D3078D492246.tar
Size

1.6MB
Sample

231115-zystzaea88
MD5

dd5dc28e442b8d63c9ab52091ad88fc7
SHA1

df47ebeaade508f3726138673a9e09469d96bace
SHA256

269616c92c90474d1bd9100a160b478aa29124751e7862d99093376470a99bf6
SHA512

4323402cc5c0f5317bbcc03d01fda6e855bf9cc4c72e251b23f9df95f7addf1d94b8602733303b1943c021de33e904c948bb732e856923062699222f464c0efb
SSDEEP

49152:MQeJQ188uDSvG/7TwhccK3RZGQzMOEKg+p1AHpQo7t:uJa8/DSskKhcQzMFKPOpQM

Score

10^/10

remcos baloto rat

Malware Config

Extracted

Family

remcos

Botnet

BALOTO

C2

nazareno77.con-ip.com:7770

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-GC9ATE
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  77B3279A611F820EC3ADFFA041C6E00DF83AC3F85B6A141F37A7D3078D492246.exe
- Size
  
  1023.9MB
- MD5
  
  e187abc066f3a9b3751199160e80416e
- SHA1
  
  9615d3c182031fd626fc9f4eb691ee1f94b516f1
- SHA256
  
  6abbdd5105f4caf66cc11b6dbaf1ee4713ffcd5da388271c06e7498b38a76e92
- SHA512
  
  92ec4972052995e313a20cdd6c3461bab8e0811697bd9b3704a6c2082ec91f8d0439853415c4d67b965af1a9ce043d445b3fa5d8ce617dfa2d6ef8b06002f8e1
- SSDEEP
  
  24576:3qpXIhjkNbsNcg8McK/kUacq9Zm7W8WQYI:ahI1UgBVu39Y7GQY
Score

10^/10

remcos baloto rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcosbalotorat

behavioral2

remcosbalotorat