Overview

overview

10

Static

static

1

formulario...as.msi

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    formulario_agendamiento_citas.zip

  • Size

    3.9MB

  • Sample

    240524-zpd98aba69

  • MD5

    c35b67f0e01d537c2d30391c6c010adc

  • SHA1

    937a5e4e40461c5f1c7af057b03b7578592507d8

  • SHA256

    278cc9fc0f5b2c94055904ab3fad6460f84a6b19eafdfe74f4516c499984159d

  • SHA512

    2593f8d2b433f801d41adcef2e896b2556abe6c5e4cbb220ecf27261976d8203570553c94a0610c95161bb13566e1999dfdec448f42b3eef09fbc6d5b17548a6

  • SSDEEP

    98304:9IrkzW2tFJK3cTSC9DtkwsMHUn+xz/Hb68n:9IgzW2PUXKtkxMHUkdn

Score
10/10
remcosmayo 17 muchacharat

Malware Config

Extracted

Family

remcos

Botnet

MAYO 17 MUCHACHA

C2

imaxatmonk.imaxatmonk.com:2204

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    Acobatlg.exe

  • copy_folder

    edqelofh

  • delete_file

    false

  • hide_file

    true

  • hide_keylog_file

    false

  • install_flag

    false

  • install_path

    %AppData%

  • keylog_crypt

    true

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    corpum

  • mouse_option

    false

  • mutex

    umbrelid-84JUA7

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Targets

    • Target

      formulario_agendamiento_citas.msi

    • Size

      6.4MB

    • MD5

      5d6aad7d24c82c436bf84f7c96d8b71e

    • SHA1

      15eb8ced4d32db0ca3523ff29e422fd1c30feeff

    • SHA256

      93ad63b02cc57ae0aa1c184a97d5ed2f5515ee2d99a222518b470ba8aa62e907

    • SHA512

      faf8f1b85a53f886ac8cadba6c57716107f578a6b5734716750080ee72ec09c6968a2e6272074f5957612ecefd24f9634c3e19211e0639e28c047a7993ac96f3

    • SSDEEP

      98304:VRJYyhBR8PwaJ2A0pAC+tmJYoo/h8z91xS6G4ztg6ERGoNpR/Xs:z/R8PwWC+t8Z1xS6G4huIoNjXs

    Score
    10/10
    remcosmayo 17 muchacharat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks