General

  • Target

    MOVIMIENTO BANCARIO EN LINEA - PAGO REALIZADO (1).eml

  • Size

    19KB

  • Sample

    241009-w3jkbawaja

  • MD5

    0e204a7f452ac12937c29c1ba8ff7e73

  • SHA1

    70a7fffb6318bbae045f6194f20b4c9580394597

  • SHA256

    7d714cbb29c50203b38dc40fb727d9e6a071f53062f506631717ce9a2f44bb33

  • SHA512

    ed17da3e20ca15af013f68b6b16a577df6a2927776fcc7c04fb6dadfa703c681a3fe1444be99d47014e536603f2024b6355f315b5c1561b46030ef9963f80de8

  • SSDEEP

    384:sUKh9yr4zgvrGlgPUGM2tTNLIMqIAnCZGwPF83uwcckhSCZt/I5K+g9wt:0ciEn9Nrqx2VF8+LJv/3/W

Malware Config

Extracted

Family

remcos

Botnet

GOLGOLGOL

C2

dfgdfghghfhfh.con-ip.com:1668

Attributes

  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    Rmc-1GL4HH

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Targets

    • Target

      MOVIMIENTO BANCARIO EN LINEA - PAGO REALIZADO (1).eml

    • Size

      19KB

    • MD5

      0e204a7f452ac12937c29c1ba8ff7e73

    • SHA1

      70a7fffb6318bbae045f6194f20b4c9580394597

    • SHA256

      7d714cbb29c50203b38dc40fb727d9e6a071f53062f506631717ce9a2f44bb33

    • SHA512

      ed17da3e20ca15af013f68b6b16a577df6a2927776fcc7c04fb6dadfa703c681a3fe1444be99d47014e536603f2024b6355f315b5c1561b46030ef9963f80de8

    • SSDEEP

      384:sUKh9yr4zgvrGlgPUGM2tTNLIMqIAnCZGwPF83uwcckhSCZt/I5K+g9wt:0ciEn9Nrqx2VF8+LJv/3/W

    • Remcos

      Remcos is closed-source remote control and surveillance software.

    • Adds Run key to start application

    • Drops file in System32 directory

    • Target

      H.png

    • Size

      7KB

    • MD5

      479fa49d6b40a02b49c93e072be80d04

    • SHA1

      c240cf8b0f9a5737bcc97257d0943bf89845ef84

    • SHA256

      f35fb0076d9b4d2de9ebbe4ff31be3e85b77421c53ae91732ace50e910bcde8b

    • SHA512

      3111b8c76159af6a200f75ec41a6da67d72e33350b94a48fc49662bda399a95e5b8bfd962e3904990e5b5917aa5b3982357ca1a5e253e3afee7ce271b2efdbc7

    • SSDEEP

      192:RMWesmQSig2lYJ9gqyzGobdXamupsFCoAUKx:RMWeJQzg2liiGobdqRphn

    • Score

      3/10

    • Target

      email-html-2.txt

    • Size

      1KB

    • MD5

      749fa1488f03feb1b93d704c27229d27

    • SHA1

      a344de07bd010c8eb4841878b46ee87d6afb9327

    • SHA256

      fd973db95cf670b9552f351c180865a9221768e3ac645a02395a182e8d906c14

    • SHA512

      92ef8228b6475744bd22a24d4420674a2d9e261080fc8f2144fdbfc9b4bdfdb2f0a4ee9cd72fe28f94df169cc0ee8c68c8779de36e476e57c6bba1fd47364cc2

    • Score

      3/10

    • Target

      email-plain-1.txt

    • Size

      745B

    • MD5

      494b4e5fc51de9d89941f7c6d00e06a3

    • SHA1

      46499bce6b745bb2796d30ff5d492e625501b20a

    • SHA256

      dfb9db1d31774ef0133e78ef39736e676d7dbad85f36b5c96a8dc4b50d9f654a

    • SHA512

      f2343337333ebdae2ade2158f468d3192b3bded59dc801a33580914c0a99e76000d45bba4787eedb0ffb960cd3b0719a6a5923f811733774a506893cef2d3abc

    • Score

      1/10
