Overview

overview

10

Static

static

3

DEMANDA LA...er.dll

windows10-2004-x64

10

DEMANDA LA...54.exe

windows10-2004-x64

10

DEMANDA LA...ON.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    DEMANDA LABORAL JUDICIAL 16524515.XZ

  • Size

    5.9MB

  • Sample

    241220-t1y6wazqak

  • MD5

    2dfe0eb594374e5a52d951fb7fa6f864

  • SHA1

    1f0fe19a4c3ad4d75a7f46ef86c54f7d5eb3a1d3

  • SHA256

    bb20c46a817a7c0cdffb513ec4d14bd2026ea70b8f1a0ec07bb699cd0d70a29a

  • SHA512

    2d938e35f3325042796c38ec60611efe0888220ad30c55933df1ebb49f17d606de8e9b49e85c3fac4195e7fe2ff198fc551201bfecc6f61f6b5fa5933f1de2ea

  • SSDEEP

    98304:UCtGIbWC4fXKk3V3sO0J3OVyAxr7LLR2cSeCnAJScyVIx47l/ixZr5aa91NeZ:UObKKirVzxr7hse6qBAO4pizdj1s

Score
10/10
remcosremotehostdiscoveryrat

Malware Config

Extracted

Family

remcos

Botnet

RemoteHost

C2

december02.kozow.com:5151

Attributes
  • audio_folder

    MicRecords

  • audio_path

    ApplicationPath

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    false

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • mouse_option

    false

  • mutex

    Rmc-O92SE5

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Targets

    • Target

      DEMANDA LABORAL JUDICIAL 16524515/CiscoSparkLauncher.dll

    • Size

      2.6MB

    • MD5

      e2e01305e938ea378a88658d81c0917f

    • SHA1

      6b3dc7e13347f6fadadc2dbac7d3a3927d9e2aa6

    • SHA256

      29c3c48f4dc84e7179881bc3767546878b2db89d418372f687edbd4a72ef0989

    • SHA512

      5620ea58d2a7da0fe5d352ea1fe82e76ed84c31b2ae97b28a3ab3b25268f21c0a8eef8ca7baa05ab0f2c80a8125fc7e2441065eda11259b1f636be7b3d6c202d

    • SSDEEP

      49152:aGtlqOIU6iJVwASOcO81WPz3qjFr6t1Dt+w+PpmtsHcFhKgwzfQHdPWkpRs6:m+18rcDINHAhKQH8S

    Score
    10/10
    remcosremotehostdiscoveryrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Remcos family

      remcos

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1

    • Target

      DEMANDA LABORAL JUDICIAL 16524515/DEMANDA LABORAL JUDICIAL 2313154.exe

    • Size

      121KB

    • MD5

      9c521a90653df5d1efbd0cea12318863

    • SHA1

      ec2afaf10b78dabfead9e9e485d454789c244188

    • SHA256

      85bcfc9de06bd0751245ad882f7e2141f340cdedefcaefb8deabbc0792088a58

    • SHA512

      d1bbb5e07e7df5fe6da9786ecee06c0dfd9e46067de48a139323aa045f81139b78404c4f3f77b1f6f58c3b11d1edf88d0c06ad42fcf7482436367f2444e6152e

    • SSDEEP

      1536:WMlHLXYAcNG6d2vlvPahT21HXNMMUpOh1lyDi8pgI7G/mJK:9raZ2AtmXmpXDiUgIK/MK

    Score
    10/10
    remcosremotehostdiscoveryrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Remcos family

      remcos

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral2

    • Target

      DEMANDA LABORAL JUDICIAL 16524515/VERSION.dll

    • Size

      6.5MB

    • MD5

      11c74035f53153b2a3995adae434b13e

    • SHA1

      b70ea9a05f4d13ac11c0c2c8468432227db5a681

    • SHA256

      0c4eb3c0537182c4cd5281f08559534b2eb44ae20b91867c115b9fc404c1b425

    • SHA512

      689dc7bb5c2a923fe6db8ea49ffdac508b7a32b91cc8677f482ad7eacc905c8f8fc204b9c10e7c1d6a51c20ff35d3bc417ff73b8dc09b645f40f0614a7a0adb1

    • SSDEEP

      196608:HIYbs8XNHlQngu+mm428raZYnFpqLPTS4ptFrqB:HpYgpuF/r/nGbtp32

    Score
    1/10
    behavioral3

MITRE ATT&CK Enterprise v15

Tasks