remcos | 962c0910bcd12efcb23e7a7d50574e7f2698bac8484a459f1215e47e0ea832c7 | Triage

Sharing

General

Target

2e7c1c5c27732f6c894a84f13dba3061.zip
Size

1.9MB
Sample

241009-rp5heawhmr
MD5

2e7c1c5c27732f6c894a84f13dba3061
SHA1

90b878105e8601746d81921e059fe783349fadb5
SHA256

962c0910bcd12efcb23e7a7d50574e7f2698bac8484a459f1215e47e0ea832c7
SHA512

20b4a576303baa1a498d2442b69d9a9c03a8f318ce8c39627895eddd91d051cdc732d64ddd113003d75d51ad5cd65a264f3a2c21a148e6a29cc73225285fe823
SSDEEP

49152:/x+biG4N9gbM0H0UfToR1trbqPEAzPNGTCWo1ngLfvCp:J+bijN9gw67fToRrraEAz4TDogLf+

Score

10^/10

remcos voltarger discovery persistence rat

Malware Config

Extracted

Family

remcos

Botnet

Voltarger

C2

dfgdfghghfhfh.con-ip.com:1665

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-I3REIW
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  PROCESO EXITOSO DE PAGO REALIZADO - TRANSACCIÓN No 143201-1709694808-52264.exe
- Size
  
  4.5MB
- MD5
  
  6232a988e3d27dac3a691f1f439d05bc
- SHA1
  
  2c005a4651a1faee5401a5e1e566245e0fdb8d87
- SHA256
  
  0c4620df9290817f179192d7e02feeeddf9c05c4ee51fb0c86afb247ffffb10d
- SHA512
  
  083be04ee2378f6aca4c3f528b4ff53d27964f50dec2c3df0f1f3f2108e1b5b610c80bb5fed080291c4083b1e794f2ef7ffd7e1ed5b0d6b4309e509bdf00b09b
- SSDEEP
  
  49152:jyVdmxB5GSL4m35GyJZYMrbcDifMb2+X5KoQWZxaMxrVYTEHv0SkW4lLFQoMExc0:jybbOGyJZYMrb7fMb2c8oJZh4BWCMEXX
Score

10^/10

remcos voltarger discovery persistence rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcosvoltargerdiscoverypersistencerat

behavioral2

remcosvoltargerdiscoverypersistencerat