General

  • Target: 36628087b7a595591e07e23e69d72870ae60aeeefaaf6a16990fe18be11cfef7.bin
  • Size: 1.7MB
  • Sample: 240313-ywwx6sfb6s
  • MD5: a9a888f435a4ace61a405a95d23db01c
  • SHA1: 7f0f4d70c41c5a93857e608bb3ebf55562372e04
  • SHA256: 36628087b7a595591e07e23e69d72870ae60aeeefaaf6a16990fe18be11cfef7
  • SHA512: 85879565d197e8f65e47adb2897e15397747ae4435a89029e69d256bd96e8938f41a866b16fb22b46450515ad2b0e87054f183ef61608874ea7eeddb694f777a
  • SSDEEP: 49152:07XI5jgmXnb7vEfl4ubE5XESOQoSUNsi8hqf:+QhXn3vRubGX+JJ18hqf

Score
10/10

Malware Config

Extracted

  • Family: remcos
  • Botnet: DINERO
  • C2: febrero21.con-ip.com:7770

Attributes

  • audio_folder: MicRecords
  • audio_record_time: 5
  • connect_delay: 0
  • connect_interval: 1
  • copy_file: remcos.exe
  • copy_folder: Remcos
  • delete_file: false
  • hide_file: false
  • hide_keylog_file: false
  • install_flag: false
  • keylog_crypt: false
  • keylog_file: logs.dat
  • keylog_flag: false
  • keylog_folder: remcos
  • mouse_option: false
  • mutex: Rmc-EPY44I
  • screenshot_crypt: false
  • screenshot_flag: false
  • screenshot_folder: Screenshots
  • screenshot_path: %AppData%
  • screenshot_time: 10
  • take_screenshot_option: false
  • take_screenshot_time: 5

Targets

    • Target: UCL 0051285512803600009852711586259912800003.exe
    • Size: 1023.9MB
    • MD5: 70df79978092172605d313c0713baefa
    • SHA1: 32d938801f3f73db4a3f73fe98a2ce8bc2a1799a
    • SHA256: b20924ca8a3979feb6350f4ea8b497b4082cb1d107290ebbd0e8e2f0665ddb8e
    • SHA512: a275e119ffc307f8874df3b7b429362800bfaf9e614db068b6f927c404827d52e73491d2c9fa70d22cd21b2f634a7e1e50327586d378f534c21fc283f587ec2a
    • SSDEEP: 12288:yJKSJmVh2r+9EQLOrZOpWcmh1SRSjDf3q6V35DA03YToNma5F9VX/NHpGeClfep5:GKSMVh2MqnXd3oKma5Ff/Lglfedx

    Score
    10/10

    • Remcos

      Remcos is closed-source remote control and surveillance software.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks