remcos | ccd13453cd900e21fb348f7e83eec9dfc9a42fcd4f314e2762a38fcf5366c969 | Triage

Sharing

General

Target

formulario_agendamiento_citas.bin
Size

10.2MB
Sample

240826-2c4qfsycrh
MD5

8d981cb9e3de72c43a6719b0ed5720a9
SHA1

bdf4ec06e8a186c6ab37c1787c4d8780839d3ee2
SHA256

ccd13453cd900e21fb348f7e83eec9dfc9a42fcd4f314e2762a38fcf5366c969
SHA512

e0472605c240d652ce6a42c30d46c2951eb529e6168a5a17cba7246b713a5124e006e1e4515f37ce9d134ae933b3369414f31eb9469ade23d66fce78129b9be8
SSDEEP

49152:XhW3i7bFgNytWWi402S6EtHkrXpNRSZFmronXwRgc/LqrgYNFQgvCNKoeL5wIEUy:+iGASb9cgNC2AReAf8rrXo

Score

10^/10

remcos diciembre 13 whatsapp muchacha discovery rat

Malware Config

Extracted

Family

remcos

Botnet

DICIEMBRE 13 WHATSAPP MUCHACHA

C2

autgerman.autgerman.com:2203

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
Acobatlg.exe
copy_folder
edqelofh
delete_file
false
hide_file
true
hide_keylog_file
false
install_flag
false
install_path
%AppData%
keylog_crypt
true
keylog_file
logs.dat
keylog_flag
false
keylog_folder
tonickj
mouse_option
false
mutex
bullredlz-ZRH66A
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  formulario_agendamiento_citas.bin
- Size
  
  10.2MB
- MD5
  
  8d981cb9e3de72c43a6719b0ed5720a9
- SHA1
  
  bdf4ec06e8a186c6ab37c1787c4d8780839d3ee2
- SHA256
  
  ccd13453cd900e21fb348f7e83eec9dfc9a42fcd4f314e2762a38fcf5366c969
- SHA512
  
  e0472605c240d652ce6a42c30d46c2951eb529e6168a5a17cba7246b713a5124e006e1e4515f37ce9d134ae933b3369414f31eb9469ade23d66fce78129b9be8
- SSDEEP
  
  49152:XhW3i7bFgNytWWi402S6EtHkrXpNRSZFmronXwRgc/LqrgYNFQgvCNKoeL5wIEUy:+iGASb9cgNC2AReAf8rrXo
Score

10^/10

remcos diciembre 13 whatsapp muchacha discovery rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcosdiciembre 13 whatsapp muchachadiscoveryrat

behavioral2

remcosdiciembre 13 whatsapp muchachadiscoveryrat