General

  • Target: 7554fcaa252c2663bc9116368ffbece58f64a74b3b3e03bd585abb8283a96804
  • Size: 1.1MB
  • Sample: 241023-tfh9xsydke
  • MD5: 8e2a9cf0d052a295bfbde9fd31286e62
  • SHA1: e83f0ad5ac2c3a9ef0b257216eb42a23ae58314a
  • SHA256: 7554fcaa252c2663bc9116368ffbece58f64a74b3b3e03bd585abb8283a96804
  • SHA512: e695db18fae2c81918c65390fd9212729a2750cb305cfe0103458712236cadd28d72ebd3234dbd5912570f2a4f823075751bcaab1a6505e67e27e20d742eed4f
  • SSDEEP: 24576:IzTgKgRqmzGje8PRhjBC/b5Z16Nvn3pVc4Gx1fJo3Ni6B:Xr8mzOP7mb5Z1uv3TGxZWpB

Malware Config

Extracted

  • Family: remcos
  • Botnet: clavel
  • C2: pruebaoctubrenuevo.ydns.eu:3018

Attributes

  • audio_folder: MicRecords
  • audio_path: ApplicationPath
  • audio_record_time: 5
  • connect_delay: 0
  • connect_interval: 1
  • copy_file: remcos.exe
  • copy_folder: Remcos
  • delete_file: false
  • hide_file: false
  • hide_keylog_file: false
  • install_flag: false
  • keylog_crypt: false
  • keylog_file: registros.dat
  • keylog_flag: false
  • keylog_folder: datos
  • mouse_option: false
  • mutex: jhatgdyhjaoplgdnyujdzjgd-QP3IZC
  • screenshot_crypt: false
  • screenshot_flag: false
  • screenshot_folder: Capturas de pantalla
  • screenshot_path: %AppData%
  • screenshot_time: 10
  • startup_value: (empty)
  • take_screenshot_option: false
  • take_screenshot_time: 5

Targets

    • Target: Portafolio Rotativo Proceso Activo N° 6748-2024/Oficio Jurídico 00023 - Orden de captura 22 de Octubre.exe
    • Size: 398KB
    • MD5: 923191786539b85f05801a82c5d34044
    • SHA1: 5b05c3e94c78de881743b64fbf655dd7a4d5a4ed
    • SHA256: 2c3bba8949c6ebeb2f81764c614733e5f81800b5de059f1f16afe6074d5f83e6
    • SHA512: 54294237c5e4e96b28a958c2bf7cfd7056db3833356b2a473a6da00f2434cb4fbb6a9266df969c1132b0416d1b6d5f62a5bc3b68c836e8ffed28b844d32b3d98
    • SSDEEP: 768:5wv79pvtx0gODbLTL7tg7SYQQzcrN2RgFxhjpjOOZFYe4J0v/CBN7BFeQaZTog1:5wRVWr7tgCWcE0xp9OOR4aXOYfP1
    • Score: 3/10

    • Target: Portafolio Rotativo Proceso Activo N° 6748-2024/dOC 020394343 Jurídico - Orden de captura 22 de Octubre.exe
    • Size: 2.1MB
    • MD5: f6900f032b2b3ab3a399937fe19cd850
    • SHA1: 0838babc162350c2c3716ad8f0410eab803ecb6b
    • SHA256: 47eb1fe8cfad5ba738240a03e867cddec4142d054bf50c50196fd40ba22a6bb1
    • SHA512: 1d177ec687d4b5b9cdc34cb6ff65d648095fbd285398e1ede980cf965ba27bb26bdac5376349b243f5784786ef970bb337b9033457807f6ed13c13e1382e77f0
    • SSDEEP: 49152:TSZCLl4ZBqxaMaq1zRJ2KNqreTmmpM9eWxkKE8H3lwhje6YySrO07bJzyo2pu+5P:bKEhe6Yy3WJzyo2pCW

    • Remcos: Remcos is closed-source remote control and surveillance software.
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
    • Deletes itself
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks