Overview

overview

10

Static

static

3

New Purcha...NC.exe

windows10-1703-x64

10

New Purcha...NC.exe

windows7-x64

10

New Purcha...NC.exe

windows10-2004-x64

10

New Purcha...NC.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    New Purchase Order-030220- SMART SOURCING INC.exe

  • Size

    678KB

  • Sample

    241023-p6acgs1dmg

  • MD5

    3207acb14184189a3800a8e20a82b023

  • SHA1

    65d2ad175339e0dc644b301c85e7f02f098bbb63

  • SHA256

    1f3358783cef07f7a60b0530c0de90be8a1131715faaf9d841ce830d9116434b

  • SHA512

    71ccfda46c9c98944153398afebe09708d9c071da3e821f238b865fb77551734e94fbf6e39445c45da926efac9a7b6f9fcc6fe0d93ba8a2274d0fdc25c569bd0

  • SSDEEP

    12288:qMu7vJgCfeUA94QAyS3ewHXsnn38zVzMfpNemioprHlJ:q5mZ2emcnn38pzE4In

Score
10/10
remcossolomondiscoveryrat

Malware Config

Extracted

Family

remcos

Botnet

SOLOMON

C2

grantadistciaret.com:3212

grantadistciaret.com:3223
Attributes
  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • install_path

    %Temp%

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    RmcxeJ-GSQVVR

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Targets

    • Target

      New Purchase Order-030220- SMART SOURCING INC.exe

    • Size

      678KB

    • MD5

      3207acb14184189a3800a8e20a82b023

    • SHA1

      65d2ad175339e0dc644b301c85e7f02f098bbb63

    • SHA256

      1f3358783cef07f7a60b0530c0de90be8a1131715faaf9d841ce830d9116434b

    • SHA512

      71ccfda46c9c98944153398afebe09708d9c071da3e821f238b865fb77551734e94fbf6e39445c45da926efac9a7b6f9fcc6fe0d93ba8a2274d0fdc25c569bd0

    • SSDEEP

      12288:qMu7vJgCfeUA94QAyS3ewHXsnn38zVzMfpNemioprHlJ:q5mZ2emcnn38pzE4In

    Score
    10/10
    remcossolomondiscoveryrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Suspicious use of SetThreadContext

    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks