remcos | ab08521f4741ad0cd3560166936c0f9b152b3aa4a7d4e276fbef7ff45b5ea7c1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

COMUNICADO JUDICIAL DEMANDA PENAL 17 DE NOV.tar
Size

1.3MB
Sample

231117-t9g9qacc6y
MD5

9f054bd07c793a3ac0078f7a542b20e1
SHA1

36b4c150d43776e590a4a35c76050cc81728e506
SHA256

ab08521f4741ad0cd3560166936c0f9b152b3aa4a7d4e276fbef7ff45b5ea7c1
SHA512

5f92ff543a68a0e4eb9bec51e18895509782bc89f1598690873f47739808a0f739eb2f198114ff10f8c50235a881b99ee01a97727e2b4dc6ef11a0f7734b3f00
SSDEEP

24576:YmKZDbYytq/cCTsbQK9ztG3v/oxURkPYxGAg8afsR6Cxj+2TA:YmKSMq/cCIQP3oxURirAg8ae6Wj+2U

Score

10^/10

remcos zapato rat

Malware Config

Extracted

Family

remcos

Botnet

ZAPATO

C2

mesa12.con-ip.com:1997

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-NE3MBV
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  COMUNICADO JUDICIAL DEMANDA PENAL 17 DE NOV.tar
- Size
  
  1.3MB
- MD5
  
  9f054bd07c793a3ac0078f7a542b20e1
- SHA1
  
  36b4c150d43776e590a4a35c76050cc81728e506
- SHA256
  
  ab08521f4741ad0cd3560166936c0f9b152b3aa4a7d4e276fbef7ff45b5ea7c1
- SHA512
  
  5f92ff543a68a0e4eb9bec51e18895509782bc89f1598690873f47739808a0f739eb2f198114ff10f8c50235a881b99ee01a97727e2b4dc6ef11a0f7734b3f00
- SSDEEP
  
  24576:YmKZDbYytq/cCTsbQK9ztG3v/oxURkPYxGAg8afsR6Cxj+2TA:YmKSMq/cCIQP3oxURirAg8ae6Wj+2U
Score

3^/10
behavioral1 behavioral2
- Target
  
  COMUNICADO JUDICIAL DEMANDA PENAL 17 DE NOV.exe
- Size
  
  1023.9MB
- MD5
  
  3e95b040df820f82bf20fc85150b0a0a
- SHA1
  
  65989eb0201bf26ebc2ae72f3d9f620996480b05
- SHA256
  
  780996042fdaf53e42995cb754d2313fa2eb9e15404e1ab67a720d43ebe71512
- SHA512
  
  bf389a6c717a1e2d53158c069128d0f23ee82a76b5fa60a3d82da32a755c195c2819061f010b2da10a7ef97e4e14cad890b31e00a9fb5bbf4a4784f7dded0254
- SSDEEP
  
  12288:fnsKFBKdt3cnOCbCejj1EFasIb0A5CV2HWrfx6VGdqY:UQYdlMXx2Fec22PdJ
Score

10^/10

remcos zapato rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

remcoszapatorat

behavioral4

remcoszapatorat