Extracted

• • Target

    SecuriteInfo.com.Artemis0C6A22A028CE.16359

  • Size

    1.5MB

  • MD5

    0c6a22a028ce02e10608bb44b7b4c66f

  • SHA1

    686ca5b3fdb1606769054107783ab4ad49a3acec

  • SHA256

    491cff43b259addd44a312094b15674d2c33c9ab901500130fead03e7d9d6530

  • SHA512

    dbee8252a20e0e90242282b14c76ca8256700055b65f27f3b19131bd27613a5168363d4507daac641234504f15b3b6d4a53140b5c591e6df732aa253087ffaaa

  Score

  10^/10

  persistenceratremcos

  • Remcos

    Remcos is a closed-source remote control and surveillance software.

    ratremcos

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run entry to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  • Suspicious use of SetThreadContext

  behavioral1behavioral2