remcos | 18f32daab9bac5909cf9fe9bfaba3183104ae5ec60bdafc8091214887e966195 | Triage

Sharing

General

Target

Loading-Documents,pdf.exe
Size

423KB
Sample

200707-vvb7rxn1mn
MD5

4df66339be6f263c7c6e398cc65de65e
SHA1

6810fbf18ada8cdbc5d228c0db2bc01ca029fddf
SHA256

18f32daab9bac5909cf9fe9bfaba3183104ae5ec60bdafc8091214887e966195
SHA512

b0be3f88d7cde12e9fdb7f451f30b8b996c7eae12ad29bd8c313312af38c2b5d7f765da0af55d0554f04ff44f769a4cb8453b8f02e6c2e30914528f1fc609de8

Score

10^/10

remcos rat

Malware Config

Extracted

Family

remcos

C2

jamesanderson68986.ddns.net:1965

Targets

- Target
  
  Loading-Documents,pdf.exe
- Size
  
  423KB
- MD5
  
  4df66339be6f263c7c6e398cc65de65e
- SHA1
  
  6810fbf18ada8cdbc5d228c0db2bc01ca029fddf
- SHA256
  
  18f32daab9bac5909cf9fe9bfaba3183104ae5ec60bdafc8091214887e966195
- SHA512
  
  b0be3f88d7cde12e9fdb7f451f30b8b996c7eae12ad29bd8c313312af38c2b5d7f765da0af55d0554f04ff44f769a4cb8453b8f02e6c2e30914528f1fc609de8
Score

10^/10

rat remcos
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Scripting

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2