remcos | b307c3478806f27ad92c22edc46739933dde1295c763c9956d15b6afee5478a1 | Triage

Sharing

General

Target

494a2a4a6deda2aad79621a9246844a4.uue
Size

1.2MB
Sample

241127-x3r25awphx
MD5

494a2a4a6deda2aad79621a9246844a4
SHA1

fc4ee711b7fdd6b4f34c7bb8c8d7b2c893fe7daf
SHA256

b307c3478806f27ad92c22edc46739933dde1295c763c9956d15b6afee5478a1
SHA512

cecc874c35f6167b20652837c4070bc1ba339dd4954647aad1850f021fd909c76e1c7a753ca4be453f0e5445de1f4e2291fa0a125c62c1526a71c7e5e8a935aa
SSDEEP

24576:pvl6lTEqnbiaGUeDTqpxv4gISj03SFarJlmcMgQgMoms:pvlSEw+aoXWQ+S4aPm4xNj

Score

10^/10

remcos zutopia discovery persistence rat

Malware Config

Extracted

Family

remcos

Botnet

ZUTOPIA

C2

ardilla00239.ydns.eu:1831

Attributes

audio_folder
MicRecords
audio_path
ApplicationPath
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
sdfjdsjfndsvnd
mouse_option
false
mutex
nnnfdfjdsgfgfs-JXPHK5
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  La no presentación en el plazo establecido conlleva a la imputación de cargos adicionales por desacato a la ley. La fecha límite para su comparecencia es el 28 de noviembre de 2024..exe
- Size
  
  2.0MB
- MD5
  
  8b47c377bd5aaf54914ac27714891a71
- SHA1
  
  32c6a5a4c56c9fe9ad182cc1d4fdfdf2abe577a5
- SHA256
  
  97cecb1d9ff2d7352e5a08bd6589f7979d89f9758ad88a060cbb75ea1e308220
- SHA512
  
  dbaab357d45324f8cfe938fd3a347166ee9f71fce00b205a5f3a383ee0cf4f7a2819320634df2e31e0cf5364364e79ef7661ee62f9317992bd337ba04943684f
- SSDEEP
  
  24576:L3HmzB5HhMRAuNoYv34Up45bYvWnbTpoOS2iGDrq3F91qcHXCne2F00i/GdEDCNJ:L3EB5HhMRAovIv2SSOS2iwrq3/3vM+5O
Score

10^/10

remcos zutopia discovery persistence rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Remcos family
  remcos
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcoszutopiadiscoverypersistencerat

behavioral2

remcoszutopiadiscoverypersistencerat