remcos | a6c22bbd451431034796c44a373ad695322e28c89f3560d5350ff3e78cdf9c1a | Triage

Sharing

General

Target

TRANSFERENCIAS CUENTAS PROPIAS EXITOSA.zip
Size

3.1MB
Sample

241010-vf2lyawdph
MD5

a529a153166e9b5bd92d8d620004a2d2
SHA1

200376a8eb98fb2fa0205f22e417b8a90fabcc33
SHA256

a6c22bbd451431034796c44a373ad695322e28c89f3560d5350ff3e78cdf9c1a
SHA512

d2b6391085f0aee1094b2386229adceb4da3ccd3804e6a9137ffb1f713308f63761bc4f0e1d30f4ce9d62d3d74d8aafdaeb754a4b5dc8d79e8450ac7a10fe8d0
SSDEEP

98304:nwHvwugq+5bZiClGmsecwc9ZTmohgOhhz:ncN7+DiMFy9ZTmoh/z

Score

10^/10

remcos xoaoamort discovery persistence rat

Malware Config

Extracted

Family

remcos

Botnet

XOAOAMORT

C2

carroosmfjdjs.con-ip.com:1661

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-BTGK97
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  TRANSFERENCIAS CUENTAS PROPIAS EXITOSA.exe
- Size
  
  7.7MB
- MD5
  
  d2507dfe5d62ab901599860661f1ac51
- SHA1
  
  4347cb2ca611dc20ca987ba8ec7eedbecb27a73b
- SHA256
  
  4b7b4c5dd8a884bdf86dd220a8a79f0a0c68535289b9d788e1592263e583c99b
- SHA512
  
  0cd62add6a2cadb6fca898e939f66c92357d168ba3c316ef519749ceca5d2e1d424a58b5d21234ef5beb13277e21d601e75a85cbc1f94aba95f309300a686332
- SSDEEP
  
  98304:TKp5jJ5EVOzW8VrAqZkeNcX3NU3dW2/GSUJWXKtOLXfYxeZVSNbC+vw/qiYl7mxy:TEjJ5TpZkeNctAIJmx0UE6xo
Score

10^/10

remcos xoaoamort discovery persistence rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcosxoaoamortdiscoverypersistencerat

behavioral2

remcosxoaoamortdiscoverypersistencerat