remcos | 7debbe024dbb6e548f266c653d22b6dfb1738615a4a7653eea9964d34d111eeb | Triage

Sharing

General

Target

ADJUNTO_EXTRACTO_75422514701354879545042432022154657988454047224024231254457878797857055454242204243376482_8795446423402112156454978750443420211264875727234648454_54601239784546421342215246578542_64512_pdf.exe
Size

269KB
Sample

200713-2jecylkags
MD5

de11b124fd6ddebb30c9424ffb07fa0b
SHA1

1209452da9bb0ac7e2728c5e22d9306e56f54b14
SHA256

7debbe024dbb6e548f266c653d22b6dfb1738615a4a7653eea9964d34d111eeb
SHA512

6de0e740d9f8e8aec8660ad552dfe85776ef6fc60d45b58c9ce08ca6cad440e84b1430157b2552b67682fb34829e0cf8a9ace6d54c307b7a1114e78a9f28351a

Score

10^/10

remcos persistence rat

Malware Config

Extracted

Family

remcos

C2

recuperaciondecartera.website:6790

Targets

- Target
  
  ADJUNTO_EXTRACTO_75422514701354879545042432022154657988454047224024231254457878797857055454242204243376482_8795446423402112156454978750443420211264875727234648454_54601239784546421342215246578542_64512_pdf.exe
- Size
  
  269KB
- MD5
  
  de11b124fd6ddebb30c9424ffb07fa0b
- SHA1
  
  1209452da9bb0ac7e2728c5e22d9306e56f54b14
- SHA256
  
  7debbe024dbb6e548f266c653d22b6dfb1738615a4a7653eea9964d34d111eeb
- SHA512
  
  6de0e740d9f8e8aec8660ad552dfe85776ef6fc60d45b58c9ce08ca6cad440e84b1430157b2552b67682fb34829e0cf8a9ace6d54c307b7a1114e78a9f28351a
Score

10^/10

persistence rat remcos
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Executes dropped EXE
- Loads dropped DLL
- Adds Run entry to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistenceratremcos

behavioral2

persistenceratremcos