remcos | 54c9967a2b3467f1a5961630d0bd429400e781de19866a383267c40e0f9acf2f | Triage

Sharing

General

Target

logo.gif
Size

334KB
Sample

200715-1ed7ed9ats
MD5

2dba5eaa753b51add319fae08b7f1b4a
SHA1

83ae229398bc6b01e781dd84e737232302bcff07
SHA256

54c9967a2b3467f1a5961630d0bd429400e781de19866a383267c40e0f9acf2f
SHA512

43d758807c85f5421d89b286778c0319f6ed2d3e9e59fe4c29324655a1d493bf83a01336fe459c8ac9c6e94fb4433ab219bcbb54e786c988fa48521e6c4ba361

Score

10^/10

remcos persistence rat

Malware Config

Extracted

Family

remcos

C2

update.huobibtc.net:443

Targets

- Target
  
  logo.gif
- Size
  
  334KB
- MD5
  
  2dba5eaa753b51add319fae08b7f1b4a
- SHA1
  
  83ae229398bc6b01e781dd84e737232302bcff07
- SHA256
  
  54c9967a2b3467f1a5961630d0bd429400e781de19866a383267c40e0f9acf2f
- SHA512
  
  43d758807c85f5421d89b286778c0319f6ed2d3e9e59fe4c29324655a1d493bf83a01336fe459c8ac9c6e94fb4433ab219bcbb54e786c988fa48521e6c4ba361
Score

10^/10

persistence rat remcos
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistenceratremcos

behavioral2

ratremcospersistence