General

  • Target: NOTIFICACION DE DEMANDA DE LA ALCALDIA DE INIRIDA - JULIO 18 DEL 2024.bin.zip
  • Size: 2.7MB
  • Sample: 240719-v1bags1hnm
  • MD5: ce9007ed1fe280daeee22cd1943a6922
  • SHA1: c4018c9af0fa5d25766db0debc50973c635b941e
  • SHA256: d340b977be533b8eb83e5e5833a643097202b32c7f9e4fdfacb327c0213a7bc6
  • SHA512: f111166b171549f701323c0674e8435376f8c3ba27cc6e6d45c801ec72fb60fbab127eab324899a2e8e503a8f0ad4f094a3b640f8c3eac1949e5f2bebebd1dd9
  • SSDEEP: 49152:dwTBV1EbJQHNhclJ1FC+clDfQYL9A9nxnqUHRuthv1e7ZsFlKyh+jpvUM6g+by:dQ1Ebx1Jel9A5xnOv87ZKcZjmMBey

Malware Config

Extracted

  • Family: remcos
  • Botnet: JULIO
  • C2: jesusgabrielahumadalora09.con-ip.com:1880

Attributes

  • audio_folder: MicRecords
  • audio_record_time: 5
  • connect_delay: 0
  • connect_interval: 1
  • copy_file: remcos.exe
  • copy_folder: Remcos
  • delete_file: false
  • hide_file: false
  • hide_keylog_file: false
  • install_flag: false
  • keylog_crypt: false
  • keylog_file: logs.dat
  • keylog_flag: false
  • keylog_folder: remcos
  • mouse_option: false
  • mutex: Rmc-6IGA3D
  • screenshot_crypt: false
  • screenshot_flag: false
  • screenshot_folder: Screenshots
  • screenshot_path: %AppData%
  • screenshot_time: 10
  • take_screenshot_option: false
  • take_screenshot_time: 5

Targets

    • Target: NOTIFICACION DE DEMANDA DE LA ALCALDIA DE INIRIDA - JULIO 18 DEL 2024.bin
    • Size: 6.1MB
    • MD5: fd3edb3ba048be7a689812fd8458db80
    • SHA1: 424155f182cd808b457199f4ea1399f47cc5d519
    • SHA256: d83a3e7f6b9122316b344fb87d2616faa3d33c96c7d11b155fc4f85e4695fa1d
    • SHA512: 5fcf76804d894f9c8a9664acc7f745ffa48abf3b2655ee8ce63559a5be71d9178c3154792beda0c9415da1357131394e88d8fd7fd7ab08dc510836b58d70703c
    • SSDEEP: 196608:0F+3g0IQHdPtjOLokUebxVGqQGiB9Ya0FJh:bKQ9PtjSs/GiXYa0FD
    • Remcos: Remcos is a closed-source remote control and surveillance software.
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks