remcos | 57f458ba299ffb24f922e3ad863f510ccdc1fd0fee44c3ab8b134186d9ddfc01 | Triage

Sharing

General

Target

ADJUNTO ARCHIVO CON CUENTA DE COBRO POR $2.000.000, FAVOR DESCARGAR PARA SU PAGO OPORTUNO.rev
Size

564KB
Sample

240913-zsnm3ayhjf
MD5

be7680c8bfc44034c8f7cd6b0c9d0dd2
SHA1

3c38fe2fea65b5c677cc7eff93cd5dfa2350567f
SHA256

57f458ba299ffb24f922e3ad863f510ccdc1fd0fee44c3ab8b134186d9ddfc01
SHA512

a4e36c632f257580117b9c929a98373eea0e7bce54ec7a388a6cf85cc483ca019b32216a4f47f469ab5afc5a976c567129fa54218ba013c058aedbebb443695c
SSDEEP

12288:LYbqYkBHAp80DlcUpcexJa4vU1iHRU3tvDgGcs:MmnRAh2G9xw4vU1qU3dPcs

Score

10^/10

remcos plata discovery rat

Malware Config

Extracted

Family

remcos

Botnet

PLATA

C2

comercio43.con-ip.com:1835

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
registros.dat
keylog_flag
false
keylog_folder
data34
mouse_option
false
mutex
kiustong-7N6PEP
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Capturas de pantalla
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  ADJUNTO ARCHIVO CON CUENTA DE COBRO POR $2.000.000, FAVOR DESCARGAR PARA SU PAGO OPORTUNO.exe
- Size
  
  1023.0MB
- MD5
  
  91e9ce49b650ce147c174a6e17001c70
- SHA1
  
  bc427a785e32378edffcd314179fc08510d8237a
- SHA256
  
  4704066f7fdf1f819c4d8a25a07dbf021a5a3e47949edfdacc10fa6d98f23225
- SHA512
  
  cfdd721244deba2c449a2af27072e43dd8475c61b1ce2fad02abb83e86c7d9c8a5d1678f2f2ece01a8f7d3d4a84b50e9a89c69417b925f7f4af9d998f7c9e178
- SSDEEP
  
  12288:75RVeIv1Jyhik2XF62YPtnsMg9t4q78cjNgT8Yz48h7UJ:9RVeIv1JygrV6XtsRVUS81UJ
Score

10^/10

remcos plata discovery rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcosplatadiscoveryrat

behavioral2

remcosplatadiscoveryrat