Overview

overview

10

Static

static

3

DEMANDA LA...ZA.exe

windows7-x64

4

DEMANDA LA...ZA.exe

windows10-2004-x64

10

DEMANDA LA...er.dll

windows7-x64

4

DEMANDA LA...er.dll

windows10-2004-x64

10

DEMANDA LA...ON.dll

windows7-x64

1

DEMANDA LA...ON.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    87aa9b12c1b0c3e870690b9439b839d6.XZ

  • Size

    4.8MB

  • Sample

    241205-apgb5svkbk

  • MD5

    87aa9b12c1b0c3e870690b9439b839d6

  • SHA1

    74aa95746c8b1c2fa9463b0a549feea78b112d11

  • SHA256

    a53ec05a1c33d2d78afa7e0b7385a8e60388d19110ba1cf72afa99d295bad315

  • SHA512

    a5bed4661483d10e8521e9b26b3dbf628e560102c1ca93c239016d0c11e4c87c92cc4b7dfbc7773456be01e1795714009b1b4b6dad245e83196025d41c69f267

  • SSDEEP

    98304:xWI7FJcIkR6IQVD9ROh6kAAgTsT3ZwwZ1/Yre2HX3EA1lwRhIXVomHyILbav:wUyR6IoDPejArTe3ZNwp3EqamdL0

Score
10/10
remcosmellisdiscoveryrat

Malware Config

Extracted

Family

remcos

Botnet

mellis

C2

melloreservas.kozow.com:5353

Attributes
  • audio_folder

    MicRecords

  • audio_path

    ApplicationPath

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    Rmc-OX0E5C

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Targets

    • Target

      DEMANDA LABORAL POR ABUSO DE CONFIANZA 01/01 DEMANDA LABORAL POR ABUSO DE CONFIANZA.exe

    • Size

      121KB

    • MD5

      9c521a90653df5d1efbd0cea12318863

    • SHA1

      ec2afaf10b78dabfead9e9e485d454789c244188

    • SHA256

      85bcfc9de06bd0751245ad882f7e2141f340cdedefcaefb8deabbc0792088a58

    • SHA512

      d1bbb5e07e7df5fe6da9786ecee06c0dfd9e46067de48a139323aa045f81139b78404c4f3f77b1f6f58c3b11d1edf88d0c06ad42fcf7482436367f2444e6152e

    • SSDEEP

      1536:WMlHLXYAcNG6d2vlvPahT21HXNMMUpOh1lyDi8pgI7G/mJK:9raZ2AtmXmpXDiUgIK/MK

    Score
    10/10
    discoveryremcosmellisrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Remcos family

      remcos
    behavioral1behavioral2

    • Target

      DEMANDA LABORAL POR ABUSO DE CONFIANZA 01/CiscoSparkLauncher.dll

    • Size

      2.6MB

    • MD5

      e2e01305e938ea378a88658d81c0917f

    • SHA1

      6b3dc7e13347f6fadadc2dbac7d3a3927d9e2aa6

    • SHA256

      29c3c48f4dc84e7179881bc3767546878b2db89d418372f687edbd4a72ef0989

    • SHA512

      5620ea58d2a7da0fe5d352ea1fe82e76ed84c31b2ae97b28a3ab3b25268f21c0a8eef8ca7baa05ab0f2c80a8125fc7e2441065eda11259b1f636be7b3d6c202d

    • SSDEEP

      49152:aGtlqOIU6iJVwASOcO81WPz3qjFr6t1Dt+w+PpmtsHcFhKgwzfQHdPWkpRs6:m+18rcDINHAhKQH8S

    Score
    10/10
    discoveryremcosmellisrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Remcos family

      remcos

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral3behavioral4

    • Target

      DEMANDA LABORAL POR ABUSO DE CONFIANZA 01/VERSION.dll

    • Size

      6.9MB

    • MD5

      6d4e5e67defde30eb1e41f7daef2e35f

    • SHA1

      c840c5e2299b119a86f59c152dd804c32cdf38f2

    • SHA256

      fe8b684b17b074d43782c9419f8739c0179c34e095a02c30e4519face3a51489

    • SHA512

      6b1bdc2dd5323ae1bfccda5ec98eab55596df097df985fc0afa9236d86a966ee8e1c7f76abe2fe17b8e8c63c628da5143490d2d0b6a7bb49a4408a2e482b9616

    • SSDEEP

      196608:K8I2Id3YRvFDffXr1VXUxErQuHk3Jj1xjK8bfL53blm:KAI+nDfzqS1H6JRfd

    Score
    1/10
    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks