remcos | 51611ffb39a6a802631cc9dd10b9e1c268750d153649ff9ce5561f5380c1bc11 | Triage

Submit
Reports

Overview

overview

Static

static

51611ffb39...11.exe

windows7_x64

51611ffb39...11.exe

windows10_x64

Sharing

General

Target

51611ffb39a6a802631cc9dd10b9e1c268750d153649ff9ce5561f5380c1bc11
Size

960KB
Sample

201112-hb5kh49eys
MD5

f66db43a97a69279f2e3bec3452ad56e
SHA1

c6875b26c29efda68fd2c180abe1efb477f43b5e
SHA256

51611ffb39a6a802631cc9dd10b9e1c268750d153649ff9ce5561f5380c1bc11
SHA512

2d7a90249a0746358b8f9c711918e15a257dc07c655c0d5b30427e44e3a9afcdd9859ff62d7a15a31b22f1e64b7262747f1d47a62048f31de577ad0fc013874b

Score

10^/10

remcos rat

Static task

static1

Behavioral task

behavioral1

Sample

51611ffb39a6a802631cc9dd10b9e1c268750d153649ff9ce5561f5380c1bc11.exe

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

51611ffb39a6a802631cc9dd10b9e1c268750d153649ff9ce5561f5380c1bc11.exe

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

remcos

C2

www.rmagent.biz:7181

Targets

- Target
  
  51611ffb39a6a802631cc9dd10b9e1c268750d153649ff9ce5561f5380c1bc11
- Size
  
  960KB
- MD5
  
  f66db43a97a69279f2e3bec3452ad56e
- SHA1
  
  c6875b26c29efda68fd2c180abe1efb477f43b5e
- SHA256
  
  51611ffb39a6a802631cc9dd10b9e1c268750d153649ff9ce5561f5380c1bc11
- SHA512
  
  2d7a90249a0746358b8f9c711918e15a257dc07c655c0d5b30427e44e3a9afcdd9859ff62d7a15a31b22f1e64b7262747f1d47a62048f31de577ad0fc013874b
Score

10^/10

remcos rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy