remcos | df1161ca9eb45bf7679982ea7a5629c89f592c12ae75197ed4cfb39af919b0e6 | Triage

Sharing

General

Target

OFICIO N° 00329493234 RADICAL ACCIÓN DE TUTELA 02024-0059.tar
Size

1.4MB
Sample

241003-v3klyaxepm
MD5

a41396b955171c997cbfdee9d9783336
SHA1

07efe22552308514a3fa15b3cd1a0854110702e4
SHA256

df1161ca9eb45bf7679982ea7a5629c89f592c12ae75197ed4cfb39af919b0e6
SHA512

8997e461c6455f3a9045c8139ccbb8b86c6698dcf61681bd901c3ce0123ab950506e849d5e69cfbecb5641ebacfdb62c7ea6e16e16c077c110debb7151568b45
SSDEEP

24576:5yqEAY4g8Wz0izxXwVIs8ThRdJpP77050dcgXtWHz+a/04EXE/p6:Qn+WzDzxXwVChRdJ9k5pscHia/6ag

Score

10^/10

remcos mango discovery persistence rat

Malware Config

Extracted

Family

remcos

Botnet

MANGO

C2

enero2024.con-ip.com:2005

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
registros.dat
keylog_flag
false
keylog_folder
registros
mouse_option
false
mutex
bgdfvcujthdkijagnchgdk-VWA9IM
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Capturas de pantalla
screenshot_path
%AppData%
screenshot_time
10
startup_value
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  OFICIO N° 00329493234 RADICAL ACCIÓN DE TUTELA 02024-0059.exe
- Size
  
  3.7MB
- MD5
  
  5e1610ac721b1358715549d10a64f298
- SHA1
  
  3d796a7cba3376f0b0d4ac8b4b225b9ce4882181
- SHA256
  
  7a325ea3765b6c64aa01c1efabe53d9829e29c134c76096aa9cdd7c7c7e2874a
- SHA512
  
  bdb697c843e7d4ec81d0b831e09ca9b3863d910100675f19727572baaefe9979aae76dedf24c54219411f53ae9ee15ae46c7df95465eda29a916623fc053aace
- SSDEEP
  
  49152:zC8nc/DY7yJiS/T9D8Tk6SRdkpvRFpybOtNYPMI3+KzppPTA14DtB7I6aXG:zCv/1RRd8FpybgaEI9a6a2
Score

10^/10

remcos mango discovery persistence rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcosmangodiscoverypersistencerat

behavioral2

remcosmangodiscoverypersistencerat