remcos | d7ec161e0aefff701f1b633bb45364d70e47036618e5ade5246b4cde325f1b58 | Triage

Sharing

General

Target

Fact0005124855261280002024152812025856.zip
Size

1.1MB
Sample

241001-vlaems1akr
MD5

bff3244cad3d1f1e7aa5f2ca365d4e9d
SHA1

d96859e0c207e74b69664612877c8978eaa16ef4
SHA256

d7ec161e0aefff701f1b633bb45364d70e47036618e5ade5246b4cde325f1b58
SHA512

aeffd2d1d0e80acbd28a223f03882aac227203b4a895518f030654ed69a5d0967c194a39aee77a9b95057a369a6325e45bff4415ee384d897e8474f2f0ecbe02
SSDEEP

24576:3RLWXR2r+nbuYVmnGnAWxsh1YFv+KCA3ILzIjH5PxUIuhAOCY:3R42OBpnQC5YoZJJeAW

Score

10^/10

remcos acapela discovery persistence rat

Malware Config

Extracted

Family

remcos

Botnet

ACAPELA

C2

septiembre30.con-ip.com:7774

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-NS2WD0
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  Fact0005124855261280002024152812025856.exe
- Size
  
  2.2MB
- MD5
  
  291e1bf8c820aa81df7dddfb2dce96f5
- SHA1
  
  43d8b23fe521f0b9bf3587c7ebf9c133d13dcd5a
- SHA256
  
  72fbaaef0c626c82427e373185cfc912407c578fa71719d6a2d63e855415a36d
- SHA512
  
  300249066bf1cafbd35e61a91da5d4655219244b74822bf203503dfb21fc2a2a730f0907067e903aabb755f04ddc1766e5a4f9c1ec401529c1881acc1a0f6335
- SSDEEP
  
  49152:3SExfUhLR7Kg8RjShl0QecYBNYPMI3+H+r:3SExchlfecYBaEIc+r
Score

10^/10

remcos acapela discovery persistence rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcosacapeladiscoverypersistencerat