General

  • Target

    d3f3e7bf2f74eee0bab26b57b4086508.uue

  • Size

    2.4MB

  • Sample

    241113-2askea1amb

  • MD5

    d3f3e7bf2f74eee0bab26b57b4086508

  • SHA1

    1f2574c51bccae5b29b26d11c94109452e607f17

  • SHA256

    bf44cea9ad3b2537695ad68051a3d76103f51acac12dae98046bcc67655a8d89

  • SHA512

    9e99b11231b07b87bac2181abf3cdf9dc2bac385abaee2b1933abc04889bb5c033d2cdf1f2d0a0a97b0ef813f55a45a788cdfd1e6dc00fe18bf2f233c2f1d682

  • SSDEEP

    49152:1PxRmgHUeD2bS7MB12J4TtqRsH7METZSC6V+mQzUlVRJyU:dNHXD2G7SqokRo7XdwXLyU

Malware Config

Extracted

Family

remcos

Botnet

ROJO

C2

nuevodntestchec.addns.org:3018

Attributes

  • audio_folder

    MicRecords

  • audio_path

    ApplicationPath

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    registros.dat

  • keylog_flag

    false

  • keylog_folder

    data

  • mouse_option

    false

  • mutex

    jjajbsfbisfablklsafg-LEIC4X

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Capturas de pantalla

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • startup_value

    

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Targets

    • Target

      Por medio de la presente, se le comunica que, en virtud del proceso No. 2024-52100-63561-56165, ejecutado por el Juzgado Tercero (3ro) Penal de Cundinamarca Especializado.exe

    • Size

      6.9MB

    • MD5

      d15499b47bac23ac6c8f5f702fb21a24

    • SHA1

      b8ee221f0025fc5d21b3c90d977e66fb0af91f63

    • SHA256

      88c9ac51024b2d980e1076795b99f22be6c6a99e9cbc195531c65deeeae6381d

    • SHA512

      eb927e17e4468c0bcf0e4e66dd109ec94f3810b095e8b3106dc50753a84f4f67416f21923adb2caaaafb430cfacc1eef1e3817f52e564db4a7785fad16ae29e0

    • SSDEEP

      98304:/XTFjm3UAtTlMPoWXCo0B4nDk1vmp28nnnYFpyy3xjxTzCv/XLU:/XTFjm3TtTlMPoW4B95mpsdxVCvf4

    • Remcos

      Remcos is closed-source remote control and surveillance software.

    • Remcos family

    • Downloads MZ/PE file

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks