remcos | 05d39d2802d2309a840ac3daa98544f30554d94681137f38969b4817174386fa | Triage

Sharing

General

Target

ee72256e3aa662dd1297025fa567cf91.gz
Size

1.6MB
Sample

241009-2ja2qazfmb
MD5

ee72256e3aa662dd1297025fa567cf91
SHA1

ab7710ee1719430bff3fe4b70e0a53efaa79bfa1
SHA256

05d39d2802d2309a840ac3daa98544f30554d94681137f38969b4817174386fa
SHA512

9bae8ca386ed128f3c0d6901aed56a6cdb97efbcda861f664e5a8644a0a5f943684c85ad6b2fdc8cf0e19b14e097f2e5bbf15f6035072ff87c77d96d6129b4ba
SSDEEP

49152:o6PQzGFnuno+mmAB/SKa8wqIYy2YazYHScZyF:XRFnr+mF/Sx8wT2YHo

Score

10^/10

remcos maloh discovery persistence rat

Malware Config

Extracted

Family

remcos

Botnet

MALOH

C2

octubre8.con-ip.com:7771

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-CGYV12
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  FoliosEscritode TutelaRadicado2024001676018.exe
- Size
  
  4.5MB
- MD5
  
  34ee6b8d2c0578e18dd75c52678b81ce
- SHA1
  
  6d552c784b281b8587d7e17e0c59b4d997a654e9
- SHA256
  
  d41f8ae0df709b0243db420707a5d87d45eec903ad2fda40a03963b958f83a18
- SHA512
  
  dff0f8cfb91cbc59364c8eff3a318814ac696bc99947804bd1c325d8fc3ac424a1932af4651115a26dfeda8a02b42ce3a76175c9e07c8afb48120b3f5224b24a
- SSDEEP
  
  49152:gyVdmxB5GSL4m35GyJZYMrbcDifMb2iUWZxaMxrVYTEHvnYkW4lLFQoM5LW0G:gybbOGyJZYMrb7fMb2ipZhDHWCM5jG
Score

10^/10

remcos maloh discovery persistence rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcosmalohdiscoverypersistencerat

behavioral2

remcosmalohdiscoverypersistencerat