remcos | d434e12726aee7ad7378dc4e395dd5f8fba6255546eef9e1dbb51d52d966af2c | Triage

Submit
Reports

Overview

overview

Static

static

1

2024-04-19...er.exe

windows7-x64

1

2024-04-19...er.exe

windows10-2004-x64

Sharing

General

Target

2024-04-19_de717951989420c6b9790c9160a23d35_magniber
Size

1.3MB
Sample

240419-a2vqasbe75
MD5

de717951989420c6b9790c9160a23d35
SHA1

df8621b3d9fa7e4e1d511d6ff732457aac6a0a1d
SHA256

d434e12726aee7ad7378dc4e395dd5f8fba6255546eef9e1dbb51d52d966af2c
SHA512

77bdb1c94823c3340082ad5b3ba064cbbd4116758866795053d1b7b0da2f6ba07ad6a94ed8d721aed339a69f5499f0f87406a8dccc64e30aeeb5ef5976c22096
SSDEEP

24576:ZQHDm64xrB90l7rjM19qIljCh/qIxjySlfa/JY78NLRAgTE//aZ66z24VZbH:J90NM1gqjEBa/S8NLRdTE/iZ66z24VZb

Score

10^/10

remcos aleteo persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

2024-04-19_de717951989420c6b9790c9160a23d35_magniber.exe

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-04-19_de717951989420c6b9790c9160a23d35_magniber.exe

Resource

win10v2004-20240412-en

remcos aleteo persistence rat

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

remcos

Botnet

ALETEO

C2

abril18.con-ip.com:7770

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-PO8SC5
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  2024-04-19_de717951989420c6b9790c9160a23d35_magniber
- Size
  
  1.3MB
- MD5
  
  de717951989420c6b9790c9160a23d35
- SHA1
  
  df8621b3d9fa7e4e1d511d6ff732457aac6a0a1d
- SHA256
  
  d434e12726aee7ad7378dc4e395dd5f8fba6255546eef9e1dbb51d52d966af2c
- SHA512
  
  77bdb1c94823c3340082ad5b3ba064cbbd4116758866795053d1b7b0da2f6ba07ad6a94ed8d721aed339a69f5499f0f87406a8dccc64e30aeeb5ef5976c22096
- SSDEEP
  
  24576:ZQHDm64xrB90l7rjM19qIljCh/qIxjySlfa/JY78NLRAgTE//aZ66z24VZbH:J90NM1gqjEBa/S8NLRdTE/iZ66z24VZb
Score

10^/10

remcos aleteo persistence rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
- Adds Run key to start application
  persistence
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

remcosaleteopersistencerat

© 2018-2024

Terms | Privacy