General

  • Target

    08112024_0727_pagamento.UniCredit.Bank.pdf.iso

  • Size

    134KB

  • Sample

    241108-jabb1sybmg

  • MD5

    efc40d204119fc723141413fb62a9cd9

  • SHA1

    e5d5c174e357861d1534913dea2e828608f275c7

  • SHA256

    e7f5beb609ab1fb2322e363c034167506c25e7223e6e2fe689f65b009e64faf8

  • SHA512

    319cd24f17ed64da90446d435df2902a7c49510051fd061e6e49615e1ee6a0b49cde0cbe384f324e1a3a8ae77a9ba28bbad4308047d78ff72c39179307fb4e06

  • SSDEEP

    1536:wUEPkjbifJKyiKTdZ6d464hlC1VKG06E53qWSuns:EPAufJKyFJ4d464hlC1AG06E53qTus

Malware Config

Extracted

  • Family

    remcos

  • Botnet

    RemoteHost

  • C2

    212.162.149.42:7118

Attributes

  • audio_folder

    MicRecords

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    Rmc-YP127Q

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • startup_value

    Remcos

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Targets

    • Target

      pagamento.UniCredit.Bank.pdf.exe

    • Size

      84KB

    • MD5

      12045633292c69d63c710b4a00a6be72

    • SHA1

      15e15462c382468c7caa231a3d6f3f64cce2777b

    • SHA256

      037c825de0105c556885ea655349e8470b6fbeab00612b3952f9c4c37ad37588

    • SHA512

      f60462365daf62f07e15f54854625b15bf4ba13f2881e05ed584dada396e92171bcca4f4e73f8f85d19ac6e0f9316036ba1f9109089d703b8c5536b5a58ef780

    • SSDEEP

      1536:bUEPkjbifJKyiKTdZ6d464hlC1VKG06E53qWSuns:FPAufJKyFJ4d464hlC1AG06E53qTus

    • Remcos

      Remcos is closed-source remote control and surveillance software.

    • Remcos family

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Drops startup file

    • Suspicious use of SetThreadContext
