remcos

General

Target

MOVIMIENTO BANCARIO EN LINEA - PAGO REALIZADO.eml
Size

19KB
Sample

241009-v8w7xsvbmd
MD5

fb4077a5d8bc6e5074b4c22634011bc7
SHA1

701132530e7f055ae66709da8db08b22ad20ca47
SHA256

d1499d4246784bf70a4e177d93ab955c51e66729cdc86f75fbc274ab4c2031c5
SHA512

50f2a50c970dad206c80eb0bb961e08c6eb0d57cef4b52c590241a539299c37da6286ad02984534ce91b7d948701c1007ac805bcef0f9fc32b0f1bc36242d562
SSDEEP

384:wDGlJmz8iO9ikY4tTNLIMqIAnCZGwPF83uwcckhSCZt/I5K+g9wt:OQJJt9T9Nrqx2VF8+LJv/3/W

Score

10^/10

Malware Config

Extracted

Family

remcos

Botnet

GOLGOLGOL

C2

dfgdfghghfhfh.con-ip.com:1668

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-1GL4HH
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  MOVIMIENTO BANCARIO EN LINEA - PAGO REALIZADO.eml
- Size
  
  19KB
- MD5
  
  fb4077a5d8bc6e5074b4c22634011bc7
- SHA1
  
  701132530e7f055ae66709da8db08b22ad20ca47
- SHA256
  
  d1499d4246784bf70a4e177d93ab955c51e66729cdc86f75fbc274ab4c2031c5
- SHA512
  
  50f2a50c970dad206c80eb0bb961e08c6eb0d57cef4b52c590241a539299c37da6286ad02984534ce91b7d948701c1007ac805bcef0f9fc32b0f1bc36242d562
- SSDEEP
  
  384:wDGlJmz8iO9ikY4tTNLIMqIAnCZGwPF83uwcckhSCZt/I5K+g9wt:OQJJt9T9Nrqx2VF8+LJv/3/W
Score

10^/10

remcos golgolgol discovery persistence rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  H.png
- Size
  
  7KB
- MD5
  
  479fa49d6b40a02b49c93e072be80d04
- SHA1
  
  c240cf8b0f9a5737bcc97257d0943bf89845ef84
- SHA256
  
  f35fb0076d9b4d2de9ebbe4ff31be3e85b77421c53ae91732ace50e910bcde8b
- SHA512
  
  3111b8c76159af6a200f75ec41a6da67d72e33350b94a48fc49662bda399a95e5b8bfd962e3904990e5b5917aa5b3982357ca1a5e253e3afee7ce271b2efdbc7
- SSDEEP
  
  192:RMWesmQSig2lYJ9gqyzGobdXamupsFCoAUKx:RMWeJQzg2liiGobdqRphn
Score

3^/10
behavioral3 behavioral4
- Target
  
  email-html-2.txt
- Size
  
  1KB
- MD5
  
  2be5ce789feb87663f33415b94a2b73e
- SHA1
  
  2076e132cc0394be49c86f085c9e17ebeb75fd63
- SHA256
  
  e123bf38946cd8843a950ba5dd80789cf5402d3ad4e7b2b4e7604f0265d1e09e
- SHA512
  
  95bb345b9c796fef5cde3da7674b8db680dc90596bab91d73cec7aeaded317b6e13f7f1843bea08b3f81cd5de5d2cbb0bd953e8d3fa25be024a7816325f7bb9a
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  email-plain-1.txt
- Size
  
  748B
- MD5
  
  9d198b8e52366c6c8692f38f4a397a63
- SHA1
  
  3b4b24536940f76496781b3f908c8f344ad74db7
- SHA256
  
  0bfc77218bfe208c6ca6927f2dec6cf2e52c9b8d38513993e79f385331d47778
- SHA512
  
  73480a39e7f0e817441a5c416254f00acbf253ed787635aad078d8ef25a65a9a307049f6c0ade92930478a0258c9a29d56184719ed738ef2bf21d0a5ffd34805
Score

1^/10
behavioral7 behavioral8