General
Target: remcos.exe
Size: 649KB
Sample: 200709-16x681dfk2
MD5: c088802b03e3bc1ef0082f268847a5f7
SHA1: 28fd21058e88cd0e77cc9da119c7b7ecd582e2ac
SHA256: 4444f1da7f9b30eb4fb593b9492e42745332402980e118b6a0431c7d1f5670ce
SHA512: 6f296335284aa8337a60df52ffae7f87eb29502cea0ab050e2429ad841f79cd757a3e75a75cfb32463458d646d92ead9476c99fa4d058113be02b903b99e0d6a
Static task: static1
Behavioral task: behavioral1
Sample: remcos.exe
Resource: win7v200430
Behavioral task: behavioral2
Sample: remcos.exe
Resource: win10
Malware Config
Targets
Target: remcos.exe
Score: 8/10
Executes dropped EXE
Loads dropped DLL
Adds Run entry to start application
Legitimate hosting services abused for malware hosting/C2