General

  • Target

    d7fbfacda7245aabe3130a752b8df5a8.gz

  • Size

    5.1MB

  • Sample

    241114-2px4fatnet

  • MD5

    d7fbfacda7245aabe3130a752b8df5a8

  • SHA1

    7352d3f7d9cfc33c4c5f075dd45192314a6a9b06

  • SHA256

    fc4fec44ccf08b41c96e2780a18573a05858cad5a500b2da55e84cfc86c89a0d

  • SHA512

    046e8ec7ad2037ac52e89e07a5badf7809f9feec379716e89a9d95bb105366b809f90aef07a912e1860fa481a4817808a01f943d1a8860e9d33765d248ab2ac9

  • SSDEEP

    98304:pS01smX/JGT7msiQ0AJb/WrMkW6Dz9oLCh5oeNJVJcqx51svkqc4BwaM9:pJnxGnmsp0AFW1JouhWmXJt51072aI

Score
10/10

Malware Config

Extracted

Family

remcos

Botnet

ORO

C2

noviembre14.ydns.eu:2708

Attributes

  • audio_folder

    MicRecords

  • audio_path

    ApplicationPath

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    Rmc-J4BNGW

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Targets

    • Target

      2082-1220- SEGUNDA INSTANCIA No. 7590-2024.exe

    • Size

      5.2MB

    • MD5

      8cb9e46a08c436f772738ad5708a8ec5

    • SHA1

      d7672934e1ec81f3f1d1e59a06556b641e97c69a

    • SHA256

      1f12c1cbc308e400ba5eca71443f8dc41162be0c0a59afd60a04cc6bb7705f5d

    • SHA512

      b001d3a78006b4d45e1041939ac0ea940db3de886e5fb68defe40e2466bd5b94b8da213ac48ead29054de5001ba7cc89bdd3dab85acf4367a14551e158d0e90a

    • SSDEEP

      98304:vLfK1AYizQPQo006Jr2qenjIsQZdZK/++cy5u7rwIGPZr:ri8QIo05gnjIsMu2bdrwIGPZr

    Score
    10/10

    • Remcos

      Remcos is closed-source remote control and surveillance software.

    • Remcos family

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Drops startup file

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15