Overview

overview

10

Static

static

1

FR ELECTRO...90.exe

windows7-x64

10

FR ELECTRO...90.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    FR ELECTRONICA No 98765454657687988998675434576890.zip

  • Size

    1.7MB

  • Sample

    240930-wtz6psyemp

  • MD5

    f447c84d67d69d4162e5ae4e0d4a6601

  • SHA1

    4ae8191cff1308dbd8085269743625ca66f6163b

  • SHA256

    0769e20f61ae4071ce2999681d99d029f2fa2980338e42f6d261308872a113be

  • SHA512

    c9ba773c516f306bb00fc71a38b46aec2a679502922548d85a34c873bb2f708cea063b68d17fe5ec9bfe60739500bffcf8cb6abf258f035025fcda1ea502bd70

  • SSDEEP

    49152:Jk9Gwx61HgPVkXWwTlnL8Rkg2k7/FeawUGv+ewRYGzoNThTZu:kG661HgFmlLIN1wUc+fRleFTo

Score
10/10
remcosrubidiscoverypersistencerat

Malware Config

Extracted

Family

remcos

Botnet

RUBI

C2

juanruizpu1405.con-ip.com:2405

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    Rmc-JAM8GR

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Targets

    • Target

      FR ELECTRONICA No 98765454657687988998675434576890.exe

    • Size

      4.0MB

    • MD5

      fd89f77c90e19775e90ec54a80d42f82

    • SHA1

      e8a968288f474033fe8e7cad75df15ae93afb72a

    • SHA256

      693ed4e7a217db9a61235de262cb848f8287a9e1985d8a399f5b2a1d2be0a790

    • SHA512

      97d8e9b536726919c751e324925429342d0fdcb9b86759f7a32cbc6927136a1205cb01fc0284ead72963ffb011587c6b03f72a0460e56716ba8b5854b9c05182

    • SSDEEP

      49152:JEA9P+bz2cHPcUb6HckXb4SOEMkBeH7nQckO6bAGx7jjTVm+u88nHq5HTpX3338W:d92bz2Eb689d7B6bAGx78EX333L13

    Score
    10/10
    remcosrubidiscoverypersistencerat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks