General

  • Target

    03109aa4f7d119e6de41cb4c09a04771

  • Size

    39KB

  • Sample

    241008-3gqvtsybnr

  • MD5

    03109aa4f7d119e6de41cb4c09a04771

  • SHA1

    4456f45b3620023ffe724e6b94a83980e1421e2d

  • SHA256

    b1dfa177aa0bbd8914d9cf464185ff01c548b6f58cac243fd85fef2a64f8d351

  • SHA512

    23962ca720e1f1843af464c430add448c5116084e7d0aa44cbe9f13c2a2ab616d676e1752f7c2b1e7c67745b033427327679b6d602aaadb7cf50b8c94479d56b

  • SSDEEP

    768:RoSaBnZ03a7HRi9GoE8834cWSDlg/Tw6WxgOEYIc0xXi1Eo6:RzaBC3a7HcGXPtDkTUQYIcG6y

Malware Config

Extracted

Family

remcos

Botnet

Recibidos
(Spanish: "Received"; operator-chosen campaign label)

C2

desconocido07092024.con-ip.com:1510

Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    registros.dat

  • keylog_flag

    false

  • keylog_folder

    apdata

  • mouse_option

    false

  • mutex

    juhygtfredkjhn-EOHZIH

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

Capturas de pantalla
(Spanish: "Screenshots")

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • startup_value

    

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Targets

    • Target

      Por la presente, le informamos que su relación laboral con IPS Gualivá finalizará a partir del 16092024.exe
      (Spanish; in English: "We hereby inform you that your employment relationship with IPS Gualivá will end as of 16092024.exe", a termination-notice lure filename)

    • Size

      156KB

    • MD5

      72fcf1d9934d5f046de9eb1bbfbcea12

    • SHA1

      ed5f5cc5ca8e46169ba8994393833451dd5dceb2

    • SHA256

      7d65c8b2ad99c4d05bdd1be3b963f40016ccec8769fee4166de166159fc35c51

    • SHA512

      c145060296f937900d1fa1c9a254c7082f764d0565566d378ae2c3876eb11c5940b0ca1aa7d921ba1e0350ea31c350686b6e2c49f26e2a4256c108227710a93a

    • SSDEEP

      1536:R0JnSp1HzoN3423mVxWaopvLJR0SEZfHe7/axJ2:vod3myasRKfHej5

    • Remcos

      Remcos is closed-source remote-control and surveillance software (a commercial RAT).

    • Suspicious use of NtCreateUserProcessOtherParentProcess (a process was created with an explicit parent other than the caller, i.e. parent PID spoofing)

    • Adds Run key to start application (persistence under ...\Software\Microsoft\Windows\CurrentVersion\Run)

    • Suspicious use of SetThreadContext (a thread's context was rewritten, as done to redirect execution into injected or hollowed code)
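The behaviours listed above, together with the C2 host, port and mutex from the extracted config, translate directly into host-hunting logic. The following is an added example (not part of the sandbox report and not Remcos code) that runs those checks over a small stream of constructed events; the event schema (fields `type`, `pid`, `child_pid`, `parent_pid`, `key`, `query`, `dest_host`, `dest_port`, `call`, `target_pid`, `name`) is an assumption made for this example and resembles Sysmon/ETW-style telemetry rather than matching any product exactly.

```python
"""Hunting logic for the behaviours and network indicator in this report.

Added example, not part of the sandbox report and not Remcos code. The event
records are constructed to resemble Sysmon/ETW-style telemetry; the field
names are an assumed schema for this example, not any product's real one.
"""
import re
from collections import defaultdict

# Indicators copied from the report's extracted Remcos config.
C2_HOST = "desconocido07092024.con-ip.com"
C2_PORT = 1510
MUTEX = "juhygtfredkjhn-EOHZIH"

# Matches the autostart keys behind "Adds Run key to start application".
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE
)


def check_event(ev):
    """Return a list of (rule, detail) hits for one event; [] if nothing matched.

    Every event carries "pid", the process performing the action.
    """
    hits = []
    kind = ev["type"]
    if kind == "process_create":
        # NtCreateUserProcess with an explicit parent attribute: the process
        # that issued the call (pid) is not the parent recorded for the child.
        if ev["parent_pid"] != ev["pid"]:
            hits.append(("ppid_spoofing",
                         f"pid {ev['pid']} spawned {ev['child_pid']} "
                         f"({ev['image']}) under parent {ev['parent_pid']}"))
    elif kind == "registry_set":
        if RUN_KEY_RE.search(ev["key"]):
            hits.append(("run_key_persistence", f"{ev['key']} = {ev['value']}"))
    elif kind == "mutex_create":
        if ev["name"] == MUTEX:
            hits.append(("remcos_mutex", ev["name"]))
    elif kind == "api_call":
        # SetThreadContext on a thread of another process is the injection
        # signal; on a process's own threads it is common and uninteresting.
        if ev["call"] == "SetThreadContext" and ev["target_pid"] != ev["pid"]:
            hits.append(("cross_process_setthreadcontext",
                         f"pid {ev['pid']} -> pid {ev['target_pid']}"))
    elif kind == "dns_query":
        if ev["query"].rstrip(".").lower() == C2_HOST:
            hits.append(("remcos_c2_dns", ev["query"]))
    elif kind == "network_connect":
        if ev["dest_port"] == C2_PORT and ev["dest_host"].lower() == C2_HOST:
            hits.append(("remcos_c2_connect",
                         f"{ev['dest_host']}:{ev['dest_port']}"))
    return hits


def scan(events):
    """Run check_event over an event stream and group the hits by acting pid."""
    findings = defaultdict(list)
    for ev in events:
        for hit in check_event(ev):
            findings[ev["pid"]].append(hit)
    return dict(findings)


# Constructed sample telemetry (not from the report): explorer (612) launches
# the lure (4100), which persists, spawns svchost.exe with a spoofed parent,
# rewrites a thread context in it, and the hollowed child (5000) calls home.
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 612, "child_pid": 4100, "parent_pid": 612,
     "image": r"C:\Users\user\Downloads\notice.exe"},
    {"type": "registry_set", "pid": 4100,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\notice",
     "value": r"C:\Users\user\AppData\Roaming\notice.exe"},
    {"type": "mutex_create", "pid": 4100, "name": MUTEX},
    {"type": "process_create", "pid": 4100, "child_pid": 5000, "parent_pid": 612,
     "image": r"C:\Windows\System32\svchost.exe"},
    {"type": "api_call", "pid": 4100, "call": "SetThreadContext", "target_pid": 5000},
    {"type": "dns_query", "pid": 700, "query": "www.example.com"},
    {"type": "dns_query", "pid": 5000, "query": C2_HOST},
    {"type": "network_connect", "pid": 5000, "dest_host": C2_HOST, "dest_port": C2_PORT},
]

if __name__ == "__main__":
    for pid, hits in sorted(scan(SAMPLE_EVENTS).items()):
        for rule, detail in hits:
            print(f"pid {pid}: {rule}: {detail}")
```

The spoofed-parent check is the one that needs telemetry most EDRs do not expose by default: the recorded parent is whatever the malware chose, so the detection has to come from the creating process reported by the kernel process-creation event, not from the parent field in the process tree. The C2 match is case-insensitive and tolerant of a trailing dot because DNS logs often carry the FQDN form; the port alone is not used as a rule since 1510 is not distinctive.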

MITRE ATT&CK Enterprise v15

Tasks