remcos

Sharing

Copy URL

Twitter E-mail

General

Target

-Juzgado90CivilMunicipalAvocaConocimientodeActuacinJudicialensucontraporDesacato.7z
Size

6.3MB
Sample

250130-thl4laxrcn
MD5

c850d6ee88441d8489686d84f0afae0f
SHA1

fec067b721fff68fa63ab1032ccdfd313d7c8caf
SHA256

750cb3dbeaefd7109e8e69b66a141702bd4870afbb9704876272823ab7791b6a
SHA512

a8b6d3622b2013bc8b66878657ce6e7db115d049f36827fbf2a2ef4e2bdc16eac7358444c0b11ec74f6ef51d14acd170195a63efe215d85ca4a55f49c42e97f0
SSDEEP

196608:bxEBsaAgAI2cEVevhp92rSSmwGquZtp0H3lY0Y9d:9fIJQ+Smbtkyd

Score

10^/10

Malware Config

Extracted

Family

remcos

Botnet

EnviamePlata

enviameplata.kozow.com:800

Attributes

audio_folder
MicRecords
audio_path
ApplicationPath
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
enviame
mouse_option
false
mutex
EVP-5U91NI
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  01-ACTUACION JUDICIAL EN SU CONTRA.exe
- Size
  
  121KB
- MD5
  
  9c521a90653df5d1efbd0cea12318863
- SHA1
  
  ec2afaf10b78dabfead9e9e485d454789c244188
- SHA256
  
  85bcfc9de06bd0751245ad882f7e2141f340cdedefcaefb8deabbc0792088a58
- SHA512
  
  d1bbb5e07e7df5fe6da9786ecee06c0dfd9e46067de48a139323aa045f81139b78404c4f3f77b1f6f58c3b11d1edf88d0c06ad42fcf7482436367f2444e6152e
- SSDEEP
  
  1536:WMlHLXYAcNG6d2vlvPahT21HXNMMUpOh1lyDi8pgI7G/mJK:9raZ2AtmXmpXDiUgIK/MK
Score

10^/10

remcos enviameplata discovery rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Remcos family
  remcos
behavioral1 behavioral2
- Target
  
  7z2409-x64.exe
- Size
  
  1.6MB
- MD5
  
  6c73cc4c494be8f4e680de1a20262c8a
- SHA1
  
  28b53835fe92c3fa6e0c422fc3b17c6bc1cb27e0
- SHA256
  
  bdd1a33de78618d16ee4ce148b849932c05d0015491c34887846d431d29f308e
- SHA512
  
  2e8b746c51132f933cc526db661c2cb8cee889f390e3ce19dabbad1a2e6e13bed7a60f08809282df8d43c1c528a8ce7ce28e9e39fea8c16fd3fcda5604ae0c85
- SSDEEP
  
  24576:hE6TUFJmLWnNo7w3FB/IDmqmhnooXx5bwHRecHNnq8pggpahKhpaAJe0D/Qy4Pq:hEgJL2No7eFBVtoSYRectq8pggJAC/aq
Score

7^/10

discovery persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral3 behavioral4
- Target
  
  CiscoSparkLauncher.dll
- Size
  
  2.6MB
- MD5
  
  e2e01305e938ea378a88658d81c0917f
- SHA1
  
  6b3dc7e13347f6fadadc2dbac7d3a3927d9e2aa6
- SHA256
  
  29c3c48f4dc84e7179881bc3767546878b2db89d418372f687edbd4a72ef0989
- SHA512
  
  5620ea58d2a7da0fe5d352ea1fe82e76ed84c31b2ae97b28a3ab3b25268f21c0a8eef8ca7baa05ab0f2c80a8125fc7e2441065eda11259b1f636be7b3d6c202d
- SSDEEP
  
  49152:aGtlqOIU6iJVwASOcO81WPz3qjFr6t1Dt+w+PpmtsHcFhKgwzfQHdPWkpRs6:m+18rcDINHAhKQH8S
Score

10^/10

remcos enviameplata discovery rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Remcos family
  remcos
behavioral5 behavioral6
- Target
  
  VERSION.dll
- Size
  
  6.9MB
- MD5
  
  f8b92047fde4fd5d3a6d0461e09f3450
- SHA1
  
  92521fc4c5fe77202169a3e4389b2725a6b0b03b
- SHA256
  
  db0b383513bb559b9b147100ea9c82e09ecbe0a7179500611c37ca9d2139b6b7
- SHA512
  
  3f061c44291ce45b52755f76c511074bc982d131b22e7f2428f4d4c92d1f5764c043994d6afefd83a40bd30b2f029b820941830273c8203cfea3ecc706b3236e
- SSDEEP
  
  196608:COd14SUZ31EKJSdbheV8DCWEgRRdqyxpht:COdSzBidHxRRQyZt
Score

1^/10
behavioral7 behavioral8