General

  • Target

    Notificacion.7z.rev

  • Size

    1.2MB

  • Sample

    240319-xn7t2adb2s

  • MD5

    ae596f1f90eb3b5ea4e1e2cc0347f4a5

  • SHA1

    4a58fd03a8705e0bf15c9a58b227c98fab14d5c9

  • SHA256

    cd7c3f2c5f79c619b75afa181ed0c7e7215025a8ea514a2680f8e30bb424aef8

  • SHA512

    1994dcb2197618dd9094e708099f55462e540fd6ae408271a3a85b3efde01280e04510deb11931f48036a9e0233e6a8d7a8b12cd351729976f94021087330ab3

  • SSDEEP

    24576:ofZmSfiNyPYsF16EgBXBdL10ApfbLSMzjP12w7csEZ/hXxkZqSzYWtw7:o3ifI16PBdCunhjI4lEZpXKZzMW27

Score
10/10

Malware Config

Extracted

Family

remcos

Botnet

RemoteHost

C2

febrerososte.duckdns.org:1213

Attributes

  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    registros.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    Rmc-FY15HO

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Capturas de pantalla

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Targets

    • Target

      Notificacion/01Notificacion juridica.exe

    • Size

      446KB

    • MD5

      485008b43f0edceba0e0d3ca04bc1c1a

    • SHA1

      55ae8f105af415bb763d1b87f6572f078052877c

    • SHA256

      12c22ba646232d5d5087d0300d5cfd46fed424f26143a02dc866f1bfceab3c10

    • SHA512

      402652786daae635c7405f5fa0924d768cbde2086f9f57b10f00f921dec98e37168f5c3a6baa5593ba9a478f3971d32747c517ffd485d25634c924e6b08815b1

    • SSDEEP

      12288:vK5+DMJA3TAz4plk9iZOOti81N5y1qMIg+GV5Zul3M:y5+DMJA3TAz4plk9ijK1qlGV7ulM

    Score
    10/10
    • Remcos

      Remcos is closed-source remote control and surveillance software.

    • Suspicious use of SetThreadContext

    • Target

      Notificacion/ASUS_WMI.dll

    • Size

      224KB

    • MD5

      fc195ceb49f286113ba7ef14d4aeaa5f

    • SHA1

      586677479f1565e1705d38b07274cd79e62b1b64

    • SHA256

      eb51aedd6dded1db3ee78c6916a398a2b8537f02e932ce8307a2724e3e564916

    • SHA512

      e0bc4191a09b47e216aae79a723aaa4ac6fbe9bfae846b51131969bedc5fb1072c2b43396025b8aa3508cd989ba402532692e8e457c4777332e42a88bf30ffa2

    • SSDEEP

      3072:x4WuqFgPmBNEP8hXzGXPkW6ZZWWegHI/jQoAg0FubAxZ+051gh9b6q/TeWdY81:x9t2chQ2ZWWeDAOAZCLeWa81

    Score
    1/10

    • Target

      Notificacion/ATKEX.dll

    • Size

      84KB

    • MD5

      e68562f63265e1a70881446b4b9dc455

    • SHA1

      da16ef9367bde3ce892b1a0e33bc179d8acdceb3

    • SHA256

      c8b16f1c6883a23021da37d9116a757f971fe919d64ef8f9dba17a7d8dd39adb

    • SHA512

      6bedea10a5b50f6e93e8566c18970c8ad1b8dfc7d5961069fc5d5216dcdded0b2a2ad8dd91f4ad80f8604d573a343c126df238ee5c448cdc26b899077957a674

    • SSDEEP

      1536:C3zQ0q8XqIh06v0UQpTcX+CZntb9lviEossWVcd+u8Nc15TCvOM:UqhIh06vKpTcX+El2+uKc15TCF

    Score
    1/10

    • Target

      Notificacion/AsIO.dll

    • Size

      120KB

    • MD5

      3e2c867b129165acdb3a457e131b90bc

    • SHA1

      f538fa5705229da2c4403830d8c9f13e3a885f73

    • SHA256

      e1bb63ccac541b38266228acd3d77a141efc468a69c3f821bfcc06330ce86815

    • SHA512

      8a6574138f43e263f045bf5b1f2b0fb495fb0d424c403a0fd5a19959bfc970243b43c46f4dff86091d34980d3be9bf07034d9f3478ac7043ef0bbf5e2ed365bf

    • SSDEEP

      3072:mLCK0llptaTHfPwr5pm6Qi0ZqnPkNP97bLL:m+bllaborzQtzVbX

    Score
    1/10

    • Target

      Notificacion/mural.htm

    • Size

      1.0MB

    • MD5

      0832ce4e883bb104673bb67adbc15411

    • SHA1

      55c2a7d66f36222d3873746aad55cdeb298758a7

    • SHA256

      6371cc7843e5b8129a6c2f1a310421dbfc0f13466da7c087bad405fc710ca3c3

    • SHA512

      d08a0b709a888474d1e0773fe2e87c86c704307d09a8fd872bb9228042c776c59cfb91ec9bacafc5ff2659875862e95acdbd2acb6498c32168a5cb2a0d6c8b55

    • SSDEEP

      24576:uHyFvkd7/t1jCae7THzaAgs5+YwDrmi+EehQsR5ParqNZUZWveiEMzzQ:rqd7/tEaevHgrqiSD1EMzc

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks