remcos | 65d074caa3e234445ad29db1ed6977855f4952c2d025c109f8190631dd6487c6 | Triage

Sharing

General

Target

2024-10-11_af19f3633507a5fb8e1383bd25d68384_avoslocker_hijackloader_rhadamanthys
Size

10.0MB
Sample

241011-h4bzzawhmj
MD5

af19f3633507a5fb8e1383bd25d68384
SHA1

b87d24bd8c922ce6d94fc489327dbbf5023b661a
SHA256

65d074caa3e234445ad29db1ed6977855f4952c2d025c109f8190631dd6487c6
SHA512

7a2c4ba4fc4aaa85249afd7a6098d306a960d2a3ea7f7ee0ca4e712347296e1a11936f76ac997dfd0a2af65777639381da4bfea83bbf8a855855818a967bbdaa
SSDEEP

98304:h3x3FJ58yNV78P06ZKlCOQhrAMSVV+uKIqKZCoErQ:h31H5nUICDNuKIqKW

Score

10^/10

remcos ubancol discovery persistence rat

Malware Config

Extracted

Family

remcos

Botnet

UBANCOL

C2

juanruizpu1405.con-ip.com:1668

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-OWARH1
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  2024-10-11_af19f3633507a5fb8e1383bd25d68384_avoslocker_hijackloader_rhadamanthys
- Size
  
  10.0MB
- MD5
  
  af19f3633507a5fb8e1383bd25d68384
- SHA1
  
  b87d24bd8c922ce6d94fc489327dbbf5023b661a
- SHA256
  
  65d074caa3e234445ad29db1ed6977855f4952c2d025c109f8190631dd6487c6
- SHA512
  
  7a2c4ba4fc4aaa85249afd7a6098d306a960d2a3ea7f7ee0ca4e712347296e1a11936f76ac997dfd0a2af65777639381da4bfea83bbf8a855855818a967bbdaa
- SSDEEP
  
  98304:h3x3FJ58yNV78P06ZKlCOQhrAMSVV+uKIqKZCoErQ:h31H5nUICDNuKIqKW
Score

10^/10

remcos ubancol discovery persistence rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcosubancoldiscoverypersistencerat

behavioral2

remcosubancoldiscoverypersistencerat