General

  • Target

    TRANSFERENCIA BANCARIA REF_ 07708239 FEBRERO 13 DEL 2024 REVISAR.eml

  • Size

    26KB

  • Sample

    240214-vsmcsahd57

  • MD5

    d45468903ad80fb8fbda1bb73fbe16d7

  • SHA1

    c0a4f9f91ea45823ba9977324142f7626ac62c4d

  • SHA256

    ecb0d368da308effe5b12e289b6915656de1a730dd80b265721890d45345f433

  • SHA512

    e2d93169028125859bfde8cae376a5370b16f16321e530a92e86b89a8db739cbddc859be1acc6f7a30e0981424b20d770f3748fa626a440450da2cf5024bef56

  • SSDEEP

    768:METELKfctNaS8GdQE8Ec1cDN811bPXNCkzJD/lEwI6:etNaS4EkcDu11T5t/lEwI6

Score
10/10

Malware Config

Extracted

Family

remcos

Botnet

AAAAA

C2

dgfrnvkdjnrljfre.con-ip.com:1992

Attributes

  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    Rmc-1R2ZDR

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Targets

    • Target

      TRANSFERENCIA BANCARIA REF_ 07708239 FEBRERO 13 DEL 2024 REVISAR.eml

    • Size

      26KB

    • MD5

      d45468903ad80fb8fbda1bb73fbe16d7

    • SHA1

      c0a4f9f91ea45823ba9977324142f7626ac62c4d

    • SHA256

      ecb0d368da308effe5b12e289b6915656de1a730dd80b265721890d45345f433

    • SHA512

      e2d93169028125859bfde8cae376a5370b16f16321e530a92e86b89a8db739cbddc859be1acc6f7a30e0981424b20d770f3748fa626a440450da2cf5024bef56

    • SSDEEP

      768:METELKfctNaS8GdQE8Ec1cDN811bPXNCkzJD/lEwI6:etNaS4EkcDu11T5t/lEwI6

    Score

    10/10

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

    • Executes dropped EXE

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks