remcos

General

Target

826c402e3bccdb488a218f6535dde25aef5f0d219cf5ddf22399644174771d36
Size

7.0MB
Sample

201111-3yhtmhwm32
MD5

f36c7ece4729f87499cbf12bf35637e5
SHA1

a3b662d9308055d4bd6c5255d457c6f5a07a4a27
SHA256

826c402e3bccdb488a218f6535dde25aef5f0d219cf5ddf22399644174771d36
SHA512

07e6369ef7434290c02ba9320edc82076eb3bd42a59a2b37554c94dc43adb949e13fbe809c51aed047427ba93c00159678d03187944e10d49e124545bfd63344

Score

10^/10

Malware Config

Extracted

Family

remcos

C2

CEDSXoissLv2NiM.club:5762

PgqduOYXVZeNNam.xyz:5762

USd7O88wEMlUtX5.xyz:5762

pMfiryhhkiN98Px.xyz:5762

Se2Qwz60L2OxZNM.xyz:5762

GWtY0fiG58DCq6F.xyz:5762

maui16azsncpo97.info:5762

mj99puoba6c3gun.info:5762

tu90to3b4q4uqze.info:5762

cwt1u0vv8ic357ov.info:5762

agaoajz1hrvevre.info:5762

poykoqnl7jkj632.info:5762

cbiq1neygyp1wno.info:5762

BCBNcQ393Z3HPLQ.club:5762

Targets

- Target
  
  826c402e3bccdb488a218f6535dde25aef5f0d219cf5ddf22399644174771d36
- Size
  
  7.0MB
- MD5
  
  f36c7ece4729f87499cbf12bf35637e5
- SHA1
  
  a3b662d9308055d4bd6c5255d457c6f5a07a4a27
- SHA256
  
  826c402e3bccdb488a218f6535dde25aef5f0d219cf5ddf22399644174771d36
- SHA512
  
  07e6369ef7434290c02ba9320edc82076eb3bd42a59a2b37554c94dc43adb949e13fbe809c51aed047427ba93c00159678d03187944e10d49e124545bfd63344
Score

10^/10

remcos rat rezer0
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- rezer0
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

rezer0

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2