remcos | dc33f57722e95a9bdf83e9f918d96ce3d89832b62fb8c142243092367080cb34 | Triage

Sharing

General

Target

DEMANDA JUDICIAL.Uue.Uue
Size

581KB
Sample

241206-y34llavqgw
MD5

9d6194a1a8eb592a8b2232b8daea6fc5
SHA1

23c62ca8fe105fb75124f13c12848120d8d80fbc
SHA256

dc33f57722e95a9bdf83e9f918d96ce3d89832b62fb8c142243092367080cb34
SHA512

dec81dc5610b2d694a09b39a588db56ed02f603609fbe955f74698762938b407d733e4626b3388983b86caa9c894882cc355fedd9463f3e6112ecf24ca417858
SSDEEP

12288:nJzZ1mX5OG0l11ymLRhBZT74WA8iMMj7U1liGou6NsiTIJKQa1StJliH7:n9Z18oGO1fLLBZTkntFino+iT2KQ9tc7

Score

10^/10

remcos remotehost discovery rat

Malware Config

Extracted

Family

remcos

Botnet

RemoteHost

C2

baloto1.duckdns.org:2019

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-NRZVSH
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
Remcos
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  DAÑOS Y PERJUICIO/DEMANDA JUDICIAL.exe
- Size
  
  300.0MB
- MD5
  
  af43d6ddda738aa40b80b613f8d35921
- SHA1
  
  3eb0dac10c5432c5170086428ae2d698b2c16f6e
- SHA256
  
  4a47d92d581b4b746b48bb92057354415fea9343f744938e0d7454e9610b9222
- SHA512
  
  d10c04027e02766aa2c10f397f67eea33f28253b3a708e16d965ea3cc01f718ded33bfeeb00abdbeca22fac3b59efa5bc423d687e26520f5fab6c095d46b0a63
- SSDEEP
  
  12288:W8ryNswRXbW3UOk6r57kaclgzw7XXs8s3ssOdytTFbjLTxV:Z2NpXqDk6lg7aqX8v8Wbv
Score

10^/10

remcos remotehost discovery rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Remcos family
  remcos
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcosremotehostdiscoveryrat

behavioral2

remcosremotehostdiscoveryrat