remcos

Sharing

Copy URL

Twitter E-mail

General

Target

DEMANDA LABORAL JURIDICA 165161.zip
Size

6.1MB
Sample

241213-szvavsvkdp
MD5

c1aa4fa22d173ced8f486a204a1ae7ba
SHA1

cb5ebbb275be1aba5b876d97160ce3c707ac4d18
SHA256

6be3ef4c945c9c46527b9cdf595a5810753b4b39bacbc6b078d0153fc91d7b85
SHA512

2bae65ffa4dc001784e5de6858365ef441813f83dd2250aa644d65cfb91a73bc8139be4ede6105000d0a5f1d9a9c95e33cde17b49eeb291e9671a85948fdad08
SSDEEP

196608:RXM1Rlx6A5LEqEoHkriDlKsvYshOXXz1YB:RX6Rb6UgqbEriDlNhOHpYB

Score

10^/10

Malware Config

Extracted

Family

remcos

Botnet

RemoteHost

december02.kozow.com:5151

Attributes

audio_folder
MicRecords
audio_path
ApplicationPath
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-O92SE5
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  DEMANDA LABORAL JURIDICA 165161.zip
- Size
  
  6.1MB
- MD5
  
  c1aa4fa22d173ced8f486a204a1ae7ba
- SHA1
  
  cb5ebbb275be1aba5b876d97160ce3c707ac4d18
- SHA256
  
  6be3ef4c945c9c46527b9cdf595a5810753b4b39bacbc6b078d0153fc91d7b85
- SHA512
  
  2bae65ffa4dc001784e5de6858365ef441813f83dd2250aa644d65cfb91a73bc8139be4ede6105000d0a5f1d9a9c95e33cde17b49eeb291e9671a85948fdad08
- SSDEEP
  
  196608:RXM1Rlx6A5LEqEoHkriDlKsvYshOXXz1YB:RX6Rb6UgqbEriDlNhOHpYB
Score

10^/10

discovery remcos remotehost rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Remcos family
  remcos
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  DEMANDA LABORAL JURIDICA 165161/1 DEMANDA LABORAL JURIDICA 321321.exe
- Size
  
  121KB
- MD5
  
  9c521a90653df5d1efbd0cea12318863
- SHA1
  
  ec2afaf10b78dabfead9e9e485d454789c244188
- SHA256
  
  85bcfc9de06bd0751245ad882f7e2141f340cdedefcaefb8deabbc0792088a58
- SHA512
  
  d1bbb5e07e7df5fe6da9786ecee06c0dfd9e46067de48a139323aa045f81139b78404c4f3f77b1f6f58c3b11d1edf88d0c06ad42fcf7482436367f2444e6152e
- SSDEEP
  
  1536:WMlHLXYAcNG6d2vlvPahT21HXNMMUpOh1lyDi8pgI7G/mJK:9raZ2AtmXmpXDiUgIK/MK
Score

10^/10

discovery remcos remotehost rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Remcos family
  remcos
behavioral3 behavioral4
- Target
  
  DEMANDA LABORAL JURIDICA 165161/CiscoSparkLauncher.dll
- Size
  
  2.6MB
- MD5
  
  e2e01305e938ea378a88658d81c0917f
- SHA1
  
  6b3dc7e13347f6fadadc2dbac7d3a3927d9e2aa6
- SHA256
  
  29c3c48f4dc84e7179881bc3767546878b2db89d418372f687edbd4a72ef0989
- SHA512
  
  5620ea58d2a7da0fe5d352ea1fe82e76ed84c31b2ae97b28a3ab3b25268f21c0a8eef8ca7baa05ab0f2c80a8125fc7e2441065eda11259b1f636be7b3d6c202d
- SSDEEP
  
  49152:aGtlqOIU6iJVwASOcO81WPz3qjFr6t1Dt+w+PpmtsHcFhKgwzfQHdPWkpRs6:m+18rcDINHAhKQH8S
Score

10^/10

discovery remcos remotehost rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Remcos family
  remcos
behavioral5 behavioral6
- Target
  
  DEMANDA LABORAL JURIDICA 165161/VERSION.dll
- Size
  
  6.8MB
- MD5
  
  faa78a3123a7f231de7152bb15c7fa02
- SHA1
  
  c9562133f7630db6a84f4daf56b468c5b0891704
- SHA256
  
  e68265f0d7012e600dac0a25190c6bf4c65689165cb2cb31a60a37baad21064f
- SHA512
  
  622f9da91e1f4995136515120c6a2f5e7f43eb2007467d2633b7391c2777985b2557647ec7753c28d34014d5e83bc979298c245f2b3d6562e668d5c2e221faa4
- SSDEEP
  
  98304:NNxgVhCyX85tumfGOG83MQs/MAx6sVe9VYqljWkDlA4JJ2xHuRmZaMO:NAVhCB5tumhxMD/PxeqDPO
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Remcos family

Executes dropped EXE

Loads dropped DLL

Remcos

Remcos family

Remcos

Remcos family

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8