remcos | 5d3b8b5ed54d8455f0ea2f09166a443461ceb0b2cba66c0d1e3d631995319957 | Triage

Sharing

General

Target

a82976113cbe04248b7fd64baf42c162.tar
Size

1.2MB
Sample

241009-2lhjkszfqg
MD5

a82976113cbe04248b7fd64baf42c162
SHA1

57aeb8766821ff94dad9a5dfc56498d7dc0189c1
SHA256

5d3b8b5ed54d8455f0ea2f09166a443461ceb0b2cba66c0d1e3d631995319957
SHA512

7929973fcced746c54e45a110cae0572150efcdbd3c6cbd60cfef3ddf4184e52bedefd0960ca2238880e466bb87a597f9848d8c0d09087860e8f4b88e94bf5ec
SSDEEP

24576:qDsfJFvr6RBXs2DIZLRA1FL56gnBRDlGqdSmZR3VrH+Dyx:LfbD6RBrDIFRyiurDlDS8BVrsyx

Score

10^/10

remcos nuevos discovery persistence rat

Malware Config

Extracted

Family

remcos

Botnet

nuevos

C2

sept2024.con-ip.com:2008

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
registros.dat
keylog_flag
false
keylog_folder
regis
mouse_option
false
mutex
dhvbskdfkasbljdnlscdcsc-62S6QS
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Capturas de pantalla
screenshot_path
%AppData%
screenshot_time
10
startup_value
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  Oficio Judicial N° 00983849993 tribunal 002 09 de Octubre.exe
- Size
  
  3.2MB
- MD5
  
  8e1a63d59985869239ad6a909a63b815
- SHA1
  
  d51e3555560a28ab9c8761764603431d79bd4f09
- SHA256
  
  96281896554aa3150884b5e2434f1339fb69e0cdf0d295ec3c7c3e183c91c048
- SHA512
  
  aaae756dc649f9993a836be00e5daaefc4263badc3c69fd5f32aed53b6df747a5d7f2464180a17aaa1b14537284191f4ca6a60cd2ed10236ecefcf2c74907f4a
- SSDEEP
  
  49152:27WzyO6uxaSMhnNi1KvdokswaBN9i88nQ8NIai1Q5+esy:UWGFiMvBshzi3nQiIb1Q5Ay
Score

10^/10

remcos nuevos discovery persistence rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcosnuevosdiscoverypersistencerat

behavioral2

remcosnuevosdiscoverypersistencerat