remcos | 6c882aeb918e424cefe1068a6d3fbff5526c31e185716bf3a0d5ae0295772f09 | Triage

Sharing

General

Target

V08514-2336-ç´…è˜¿è””æ ¸å° å–®.scr
Size

656KB
Sample

200729-a62zb6x12a
MD5

6466b9e657e38501048da7869b1de39f
SHA1

0d0598e1be9bd940734708769bfb1961303e7c0e
SHA256

6c882aeb918e424cefe1068a6d3fbff5526c31e185716bf3a0d5ae0295772f09
SHA512

cbd62e4742357ccc781627f8cc3e04581704ac70fcae42d3b1ebbe2ed05f2a01a69192917ea93bb060dd02d94bc97dc0cfc5ecab5588f58e9ef548bef2a47ae1

Score

10^/10

remcos persistence rat

Malware Config

Extracted

Family

remcos

C2

188.72.124.143:2855

Targets

- Target
  
  V08514-2336-ç´…è˜¿è””æ ¸å° å–®.scr
- Size
  
  656KB
- MD5
  
  6466b9e657e38501048da7869b1de39f
- SHA1
  
  0d0598e1be9bd940734708769bfb1961303e7c0e
- SHA256
  
  6c882aeb918e424cefe1068a6d3fbff5526c31e185716bf3a0d5ae0295772f09
- SHA512
  
  cbd62e4742357ccc781627f8cc3e04581704ac70fcae42d3b1ebbe2ed05f2a01a69192917ea93bb060dd02d94bc97dc0cfc5ecab5588f58e9ef548bef2a47ae1
Score

10^/10

persistence rat remcos
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistenceratremcos

behavioral2

persistenceratremcos