remcos | 96e77df42016a7a980b96cd30182b9b72fae1e8fbb8dd3ae026fd05806564f07 | Triage

Sharing

General

Target

cb1c2aed39e7131cea8f6d10461450a2.tar
Size

1.8MB
Sample

241009-2newgazgjg
MD5

cb1c2aed39e7131cea8f6d10461450a2
SHA1

ca3ad07ec58843da84859554b293d11ebae423c1
SHA256

96e77df42016a7a980b96cd30182b9b72fae1e8fbb8dd3ae026fd05806564f07
SHA512

f67fc0789c08e2faa09deba32cffdfd749151bed273af45962b8a17670c78146ef0cc1a77ec4bb16f265030340e092f38baf3f57722de66b355365d126b0cca7
SSDEEP

49152:8Sc6lXa3QzArEIFYEOxjY54snscfN/RlU1vF4j:5ce/cIjxjy4snv/WvF4j

Score

10^/10

remcos octu discovery persistence rat

Malware Config

Extracted

Family

remcos

Botnet

OCTU

C2

segurosbolivar24.con-ip.com:2006

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
registros.dat
keylog_flag
false
keylog_folder
regist
mouse_option
false
mutex
ljnghvfghujkvgnasftnz-X8YJ1F
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Capturas de pantalla
screenshot_path
%AppData%
screenshot_time
10
startup_value
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  Doc 948534959345435 extraordinario Vencimiento de crédito 08 de Oct.exe
- Size
  
  4.9MB
- MD5
  
  cbdd93c0f2fdc3549188bad11af2cbb6
- SHA1
  
  bb8023707452a17e8236cae8d2e7a11cc0ec8c1d
- SHA256
  
  8aa24e0acffe7459f0662e8f3852fc34ed65a6e05cd468bdbc4c7a30c480a169
- SHA512
  
  8cfcdee2366f3d7e276070e7a353346600f58da66c4dbe940a8db58a5b1b6c1bea91fac7fd6a99b8db7a9e3bc09f2b491807e2af91b1aba6b16631a15f41a919
- SSDEEP
  
  49152:GSq2zkGQxfkScRd2j4309+eZypv0rMHul1gUuu9blTeYbkqFTckW4lLFQoMHMZKB:GStzEx9xypvogUuuhkYbkqFWCMojwH
Score

10^/10

remcos octu discovery persistence rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcosoctudiscoverypersistencerat

behavioral2

remcosoctudiscoverypersistencerat