General

  • Target

    CIRCUITO 01 DEMANDA EN SU CONTRA NOTIFICADO EN EL DIA DE HOY CARGO PROCESAL.REV

  • Size

    2.0MB

  • Sample

    240516-vpdw8seg9z

  • MD5

    57e8fd539c676f1c9edcff8d92a67aff

  • SHA1

    d9512e1f98839d90e95bb6c27f0e8c22a89372da

  • SHA256

    dca3cb7fe33702fd43095f2c3995090f0ed40ee0be9ac2b05196cd92f82307b9

  • SHA512

    58ef9070f2c51d51c20881cb6cb4fa5ee17d48ca15df1fd0812dfa91385d83e1cb8b8eb881c02282c78d7d4bed65f92e205ee9c615b11ac5d156c465b519220f

  • SSDEEP

    49152:GhNHNW0gcdgefDl3VgXebgvCTNr3FiTyDIjr:GZxGXQ10eDIjr

Malware Config

Extracted

Family

remcos

Botnet

spacolombia

C2

areaseguras.con-ip.com:2701

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    loggsd

  • keylog_path

    %AppData%

  • mouse_option

    false

  • mutex

    Rmc12145501-WMWIXV

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • startup_value

    

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Targets

    • Target

      CIRCUITO 01 DEMANDA EN SU CONTRA NOTIFICADO EN EL DIA DE HOY CARGO PROCESAL.REV

    • Size

      2.0MB

    • MD5

      57e8fd539c676f1c9edcff8d92a67aff

    • SHA1

      d9512e1f98839d90e95bb6c27f0e8c22a89372da

    • SHA256

      dca3cb7fe33702fd43095f2c3995090f0ed40ee0be9ac2b05196cd92f82307b9

    • SHA512

      58ef9070f2c51d51c20881cb6cb4fa5ee17d48ca15df1fd0812dfa91385d83e1cb8b8eb881c02282c78d7d4bed65f92e205ee9c615b11ac5d156c465b519220f

    • SSDEEP

      49152:GhNHNW0gcdgefDl3VgXebgvCTNr3FiTyDIjr:GZxGXQ10eDIjr

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • Target

      CIRCUITO 01 DEMANDA EN SU CONTRA NOTIFICADO EN EL DIA DE HOY CARGO PROCESAL.exe

    • Size

      4.8MB

    • MD5

      50fdbbe7ce281a920f02f018c1063daf

    • SHA1

      e8f4cb97cd186c0dd95f68a7d12d66bd0ebb821e

    • SHA256

      2ae3628d8179cadc0b265fe4ecdd4859c9bd3932f50ff9b49a8d27300426f3fe

    • SHA512

      df0557de4719a5cf6c73e07c225e0dfe5e022a1d8890a03904f0fcbe62cc559891da87649d9426e286d65609229146f35c8097bc56dcc71f5851089669141b68

    • SSDEEP

      24576:suySi5UkgjlgsRy48t53Ry8ymkw/fwolbG/k9PKukK4lDuIYsozmMp666TDVIGGq:

    • Remcos

      Remcos is a closed-source remote control and surveillance tool.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
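The configuration extracted under "Malware Config" and the behaviours listed under "Targets" (Run key persistence, C2 callback) together give an analyst everything needed to hunt for this sample on endpoints. The following is an added example, not part of this report and not Remcos or sandbox code: it turns the extracted config into host and network indicators and sweeps a few constructed Sysmon-like events for them. Two points it encodes that are easy to miss when reading the config: keylog_flag, screenshot_flag and install_flag are all false here, so the keylog file, screenshot folder and installed copy are only conditional artifacts (the operator can enable those features at runtime), whereas the mutex and the C2 host:port do not depend on any feature flag. Assumptions: %AppData% is taken to expand to <profile>\AppData\Roaming as it normally does on Windows; the base directory for copy_folder is not in the extracted config, so the installed copy is matched by its trailing folder\file only; the event dictionaries and the Run key value name are constructed for the example.

```python
"""
Added example: build host/network indicators from the Remcos config shown in
this report and sweep constructed endpoint events for them. Event dicts are a
simplified Sysmon-like shape, not any product's real log format.
"""
from dataclasses import dataclass
from typing import Optional

# Values copied from the "Malware Config" section of the report.
REMCOS_CONFIG = {
    "botnet": "spacolombia",
    "c2": ["areaseguras.con-ip.com:2701"],
    "mutex": "Rmc12145501-WMWIXV",
    "copy_folder": "Remcos",
    "copy_file": "remcos.exe",
    "install_flag": False,
    "keylog_path": "%AppData%",
    "keylog_folder": "loggsd",
    "keylog_file": "logs.dat",
    "keylog_flag": False,
    "screenshot_path": "%AppData%",
    "screenshot_folder": "Screenshots",
    "screenshot_flag": False,
    "audio_folder": "MicRecords",
}

# Assumption: %AppData% expands to <profile>\AppData\Roaming (Windows default).
ENV_PREFIX = {"%AppData%": "\\appdata\\roaming\\"}


@dataclass(frozen=True)
class PathIndicator:
    rel: str                 # path relative to base, backslash separated
    base: Optional[str]      # "%AppData%", or None when the config gives no base dir
    note: str
    enabled: Optional[bool]  # config flag gating the artifact; None if the dump has none

    def needle(self) -> str:
        # Unknown base: match the trailing "\folder\file" anywhere on disk.
        return ENV_PREFIX.get(self.base, "\\") + self.rel.lower()

    def matches(self, observed: str) -> bool:
        obs, n = observed.lower(), self.needle()
        # Folder indicators (trailing backslash) may appear mid-path;
        # file indicators must terminate the path.
        return n in obs if n.endswith("\\") else obs.endswith(n)


def build_indicators(cfg: dict) -> dict:
    c2 = set()
    for entry in cfg["c2"]:
        host, _, port = entry.rpartition(":")
        c2.add((host.lower(), int(port)))
    paths = [
        # copy_folder's base directory is not in the extracted config (assumption: match by suffix).
        PathIndicator(f'{cfg["copy_folder"]}\\{cfg["copy_file"]}', None, "installed copy", cfg["install_flag"]),
        PathIndicator(f'{cfg["keylog_folder"]}\\{cfg["keylog_file"]}', cfg["keylog_path"], "keylog file", cfg["keylog_flag"]),
        PathIndicator(f'{cfg["screenshot_folder"]}\\', cfg["screenshot_path"], "screenshot folder", cfg["screenshot_flag"]),
        PathIndicator(f'{cfg["audio_folder"]}\\', None, "audio folder", None),  # no audio flag in this dump
    ]
    return {"mutex": cfg["mutex"], "c2": c2, "paths": paths}


def sweep(events: list, ind: dict) -> list:
    """Return (pid, confidence, reason) hits. 'high' = indicator independent of
    any optional feature flag; 'medium' = artifact whose flag is false/absent."""
    hits = []
    for ev in events:
        pid, t = ev["pid"], ev["type"]
        if t == "mutex" and ev["name"] == ind["mutex"]:
            hits.append((pid, "high", f'Remcos mutex {ev["name"]}'))
        elif t == "dns" and any(ev["query"].lower() == h for h, _ in ind["c2"]):
            hits.append((pid, "high", f'DNS lookup of C2 {ev["query"]}'))
        elif t == "network" and (ev.get("dst_host", "").lower(), ev["dst_port"]) in ind["c2"]:
            hits.append((pid, "high", f'connection to C2 {ev["dst_host"]}:{ev["dst_port"]}'))
        elif t == "registry_set" and "\\currentversion\\run\\" in ev["key"].lower():
            # Matches the "Adds Run key to start application" behaviour from the report.
            for p in ind["paths"]:
                if p.note == "installed copy" and p.matches(ev["data"]):
                    hits.append((pid, "high", f'Run key {ev["key"]} -> {ev["data"]}'))
        elif t == "file_create":
            for p in ind["paths"]:
                if p.matches(ev["path"]):
                    conf = "high" if p.enabled else "medium"
                    why = "" if p.enabled else " (feature disabled/absent in extracted config)"
                    hits.append((pid, conf, f'{p.note} {ev["path"]}{why}'))
    return hits


# Constructed events for this example; pid 4120 is the infected process, pid 912 is benign.
SAMPLE_EVENTS = [
    {"type": "mutex", "pid": 4120, "name": "Rmc12145501-WMWIXV"},
    {"type": "registry_set", "pid": 4120,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",  # value name constructed
     "data": r"C:\Users\victim\AppData\Roaming\Remcos\remcos.exe"},
    {"type": "dns", "pid": 4120, "query": "areaseguras.con-ip.com"},
    {"type": "network", "pid": 4120, "dst_host": "areaseguras.con-ip.com", "dst_port": 2701},
    {"type": "file_create", "pid": 4120, "path": r"C:\Users\victim\AppData\Roaming\loggsd\logs.dat"},
    {"type": "file_create", "pid": 912, "path": r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Recent\logs.dat.lnk"},
    {"type": "dns", "pid": 912, "query": "www.example.com"},
]

if __name__ == "__main__":
    for hit in sweep(SAMPLE_EVENTS, build_indicators(REMCOS_CONFIG)):
        print(hit)
```

In practice the mutex and the C2 host:port are the indicators to pivot on first; the %AppData% paths are worth retaining as medium-confidence hunts because Remcos operators can switch on keylogging or screenshots after installation, and the empty startup_value in this dump means the Run key's value name cannot be predicted from the config, so the sweep matches the Run key on the data it points at rather than on its name.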

MITRE ATT&CK Enterprise v15

Tasks