remcos | ab9ef7c97e8f3df11092a7c1665d986398a027115eff39852e5b3e90dcd7901c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ab9ef7c97e8f3df11092a7c1665d986398a027115eff39852e5b3e90dcd7901c.bin
Size

1.5MB
Sample

240313-zdbpysga91
MD5

a6ee51815ec702b0a2d6e2872947e528
SHA1

9e9e780ed8391626b5937768f07a506274307d08
SHA256

ab9ef7c97e8f3df11092a7c1665d986398a027115eff39852e5b3e90dcd7901c
SHA512

28cb367edcf6290788e88a853db76353957ddae4e009df2896d9f2986d679ed427f0082ea513a62a5e0a1415e97f0ac77c2965036a578ffd1e73ff40adc35476
SSDEEP

24576:94c+AK527n4GuWF4g2xbgcB7MYYRQy48tt41NJXp/yg0kxtk94gV7ShEj9Jh8ybj:r+V527aWK1bj5MYYj4A41zp/r0P4XEiW

Score

10^/10

remcos bbbbb rat

Malware Config

Extracted

Family

remcos

Botnet

BBBBB

C2

wrfegvfdsefme.con-ip.com:1995

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-7VBNRJ
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  NOTIFICACIÓN DE BANC PERSONAL PAGS EN LÍNEA PSE F05E1046288 FEBRERO 19 DEL 2024.exe
- Size
  
  1023.9MB
- MD5
  
  8d2bb71d17ae363030fa71bf9bf67809
- SHA1
  
  59568fd5bf37bea82f9bceb697cf96c70142360f
- SHA256
  
  7b4f1f120c3510acb3d2a0eae87271a2a0af5b409d7196d2bbe1142e4eb4ce89
- SHA512
  
  b7a1fc14b18c8ac67efac73abace6b612cb353feef567fec8c8663bf99188862cc4e5a0ddb9963cbaf10ee378224dedae9428472371cc9c0c43019b82f02a39c
- SSDEEP
  
  12288:kH3rhjOPYZ9FS9pFlgmGyUeHotOMOxTNmCllF08s:m3toYjFS9pwmIeHpjmiQ
Score

10^/10

remcos bbbbb rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2