remcos | e29d9a6f02d0edfaa7ac6ebe6bf98d26c5f782ac5d4151d44110615221939d14 | Triage

Sharing

General

Target

27c1546f9b5ab7761f549e126e6078e7.zip
Size

2.2MB
Sample

241009-2f4jvswbll
MD5

27c1546f9b5ab7761f549e126e6078e7
SHA1

e6ad83cc6216b2cb195314d216ce2c14a9bc9b6f
SHA256

e29d9a6f02d0edfaa7ac6ebe6bf98d26c5f782ac5d4151d44110615221939d14
SHA512

4a33286d9b72081396cdd30e67fe6853ff59990c6e55a78ee90af8b0b27082cc1628f684fe976fd3894d2c4c56126a4ac73c5a885aeb1f2556bf6ef5d89543cf
SSDEEP

49152:0kAo62lDeq87oNjNq6EfyBLShTZAGb3/uqUBv+dHFwL:lAGkqXHSyBuBZAkuqUBvq6L

Score

10^/10

remcos voltarger discovery persistence rat

Malware Config

Extracted

Family

remcos

Botnet

Voltarger

C2

dfgdfghghfhfh.con-ip.com:1665

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-I3REIW
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  PAGO NO 8976584357898765431324567897654321356789.exe
- Size
  
  5.0MB
- MD5
  
  c3d2fd23d6fa4ed900ac6e461f052378
- SHA1
  
  a7354d81c775342f305ff8392cd6c55942678ffd
- SHA256
  
  f2002467bcfe1a5425461a16eac5e65844615f5ac03a9460f58a7afe470340cd
- SHA512
  
  d2932644d289de0b37877b35fb3a8fe4f5d1b6ea383fa9b9bc9a4f3d80b552ab4dbf2a457434c41b0cb36535572cacb79a8a8253571ec4bb0601ec5095dcb210
- SSDEEP
  
  98304:y/k9oQSzllDi8miotam56KNGiomHbJd5ML+wa6Qvi3nQiIh:yfQSzDDi8miotam56KNh7JaQ6Aig
Score

10^/10

remcos voltarger discovery persistence rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcosvoltargerdiscoverypersistencerat

behavioral2

remcosvoltargerdiscoverypersistencerat