remcos | 2eac7659c0f14c7005c49a96c2a90e6f2bfdf120325eebdfc6be75dd0af92a95 | Triage

Sharing

General

Target

cfe330c47aa4388a7fede727b774127b.uue
Size

901KB
Sample

241126-zj9tyavqej
MD5

cfe330c47aa4388a7fede727b774127b
SHA1

5f113dd48e615d1a627e5044d0d32b7215d5a34f
SHA256

2eac7659c0f14c7005c49a96c2a90e6f2bfdf120325eebdfc6be75dd0af92a95
SHA512

9d32faf497aa2a975618fe6b3b498a56873e79c77d7efd584487a9a806b4d84cb0c49c7a23e9fc721cf8864c7dcba035b2b26cfdf65026418d0eab345ebce77b
SSDEEP

12288:ET/gghf3KMvb5rZEojZRBUl1fxOr2n8nXgI72aaxgS3aaKefcFshKrcBOEC:sTTvttEodAlFkin8jqaaGzecnZ

Score

10^/10

remcos zepta discovery persistence rat

Malware Config

Extracted

Family

remcos

Botnet

ZEPTA

C2

ardilla00239.ydns.eu:1833

Attributes

audio_folder
MicRecords
audio_path
ApplicationPath
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
sdfsgfdgdd
mouse_option
false
mutex
sfgfgdgghdfvfssd-PYRG6H
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  En virtud del proceso penal en curso, en el que se le imputa el delito de perturbación a la posesión, con pena máxima penitenciaria, este despacho le informa que deberá comparecer ante el Juzgados de Extinción de Dominio de Bogo.exe
- Size
  
  1.7MB
- MD5
  
  67df29947d1d3133711d94663b7f2c19
- SHA1
  
  5716975f7a8c25920a4fb5bab3c3902fd09b59b4
- SHA256
  
  cfef40e6968cca358390c6872552793be6ccb9f01a0d2f44dce11832bfacf03f
- SHA512
  
  736f8cc3f3d74b970cac110d66fb2ecbf8ef750fe2914b10b85629bd4d349824e2b6575c1d5821edffd9b5a991de1c18f8091c5e8559bbb29be1f41a1a3d8d19
- SSDEEP
  
  24576:ZaHyv6exSOI/TRAny+Q57NGylZhkMv+5/JioCb4rl6fNYPGgbib9Fr4jT:Z7vYjRz+Q57NGylv+VQzU8fMcj4f
Score

10^/10

remcos zepta discovery persistence rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Remcos family
  remcos
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcoszeptadiscoverypersistencerat

behavioral2

remcoszeptadiscoverypersistencerat