remcos | a398f3f8204155c5b12c109e72d9bc0b980d2e9ad759442635f66358fdf9c8b6 | Triage

Sharing

General

Target

30112024_0147_DEMANDA LABORAL POR ABUSO DE CONFIANZA 01.XZ
Size

4.2MB
Sample

241130-b71zya1kdp
MD5

2ca55fceb82d2d3336981aaa84e7b7c4
SHA1

cac23774a398249ae0e29b38eae4db7232278028
SHA256

a398f3f8204155c5b12c109e72d9bc0b980d2e9ad759442635f66358fdf9c8b6
SHA512

33b94c6f47daa16b38c3f73d4d91a3aa9af0ec194ef59bc82c1593e693f6e563a3b9e18f977dfbd173050297e55b59cf8c4667bb15824fb92db4aca604ea3b20
SSDEEP

98304:v1+YMtggILzASmooNra3tSlGayLMzo5zW0:vJgtI/ASQra9Sll+I50

Score

10^/10

remcos gus discovery rat

Malware Config

Extracted

Family

remcos

Botnet

GUS

C2

mastergusta.kozow.com:5151

Attributes

audio_folder
MicRecords
audio_path
ApplicationPath
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-6Q2P7E
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  DEMANDA LABORAL POR ABUSO DE CONFIANZA 01/WINMM.dll
- Size
  
  5.0MB
- MD5
  
  c1e4443c640d1dc0b408356a0ef216be
- SHA1
  
  9ca2853691bf347e12e620dadcf6ea1cceb817fe
- SHA256
  
  812e1927550e39501b2477df2479dc239b428d11bbae81e719c220769ccd7b34
- SHA512
  
  2d47e620c46634519a861b68ac779e22a910b1f3495d5fb8a3fbad43601bc430a13e538d571192c6aaae83fda2d0c1607901aa7a360bea18da732d1bf81b86c3
- SSDEEP
  
  98304:3yhaH4iFZp4lHd4iQfJuI5Tf4rYfthIfsuspcZpccVHu2S5nneBOc7uZ:3dH4i6l2wWFhnbi/HuveB
Score

10^/10

remcos gus discovery rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Remcos family
  remcos
- Executes dropped EXE
behavioral1 behavioral2
- Target
  
  DEMANDA LABORAL POR ABUSO DE CONFIANZA 01/zoom.exe
- Size
  
  2.3MB
- MD5
  
  5013571e104d9dd42ca2d94e81e430f8
- SHA1
  
  0e0e2b2f1688b77ebea638aa2e12f6462722fcb0
- SHA256
  
  9783cdd475c54ec21a035b5035c80329fa14be830c71c7c133de06ed98ad86d8
- SHA512
  
  c2a4fbb1231cb15fbe3a733c5477d7d0e95ae15cf9a5c7d53eeb452d6b5212a24754d596b90715cead5ae825c989afcacf14c33c1fd363a95cb86a0bc65f932e
- SSDEEP
  
  24576:oKkVrHgHx4mYlt+e5N2lWByqwSFg9NJo7thp9clBb2:Huri4LltP5NSn9NJIclBC
Score

10^/10

remcos gus discovery rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Remcos family
  remcos
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcosgusdiscoveryrat

behavioral2

remcosgusdiscoveryrat

behavioral3

remcosgusdiscoveryrat

behavioral4

remcosgusdiscoveryrat