51611ffb39a6a802631cc9dd10b9e1c268750d153649ff9ce5561f5380c1bc11

General
Target

51611ffb39a6a802631cc9dd10b9e1c268750d153649ff9ce5561f5380c1bc11

Size

960KB

Sample

201112-hb5kh49eys

Score

10/10
MD5

f66db43a97a69279f2e3bec3452ad56e

SHA1

c6875b26c29efda68fd2c180abe1efb477f43b5e

SHA256

51611ffb39a6a802631cc9dd10b9e1c268750d153649ff9ce5561f5380c1bc11

SHA512

2d7a90249a0746358b8f9c711918e15a257dc07c655c0d5b30427e44e3a9afcdd9859ff62d7a15a31b22f1e64b7262747f1d47a62048f31de577ad0fc013874b

Malware Config

Extracted

Family remcos
C2

www.rmagent.biz:7181

Targets

Signatures

  • Remcos

    Description

    Remcos is a closed-source remote control and surveillance tool; it is marketed as a legitimate remote-administration product but is widely distributed as a remote access trojan. The extracted configuration above gives its C2 endpoint (www.rmagent.biz, TCP port 7181).

  • Drops startup file

    The sample writes a file into a startup location so it runs again at logon (persistence).

  • Suspicious use of SetThreadContext

    SetThreadContext on another process's thread is a common step in process hollowing and other code-injection techniques, where the entry point of a suspended process is redirected to attacker-controlled code.
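The hashes and C2 endpoint on this page are the indicators a responder would actually sweep for. The script below is an added example, not part of the sandbox report: it compares a file's digests against all four hashes listed above and scans DNS/connection log lines for the configured C2. The log format (`dns|conn src=... host=... port=...`) and the log lines themselves are constructed for the demo and are not taken from the analysis.

```python
import hashlib
import re
from typing import Dict, List, Tuple

# Indicators copied from the report above.
REPORT_HASHES = {
    "md5": "f66db43a97a69279f2e3bec3452ad56e",
    "sha1": "c6875b26c29efda68fd2c180abe1efb477f43b5e",
    "sha256": "51611ffb39a6a802631cc9dd10b9e1c268750d153649ff9ce5561f5380c1bc11",
    "sha512": "2d7a90249a0746358b8f9c711918e15a257dc07c655c0d5b30427e44e3a9afcdd9859ff62d7a15a31b22f1e64b7262747f1d47a62048f31de577ad0fc013874b",
}
C2_HOST = "www.rmagent.biz"
C2_PORT = 7181


def check_hashes(data: bytes) -> Dict[str, bool]:
    """Hash the given bytes with every digest the report lists and say which match."""
    return {
        name: hashlib.new(name, data).hexdigest() == expected
        for name, expected in REPORT_HASHES.items()
    }


def normalise_host(host: str) -> str:
    # DNS logs often carry a trailing dot and mixed case; compare canonically.
    return host.strip().rstrip(".").lower()


# Constructed log format (assumption for this example, not a real product's format):
#   <timestamp> dns  src=<ip> host=<name>
#   <timestamp> conn src=<ip> host=<name> port=<n>
LOG_RE = re.compile(
    r"\b(?P<kind>dns|conn)\s+src=(?P<src>\S+)\s+host=(?P<host>\S+)(?:\s+port=(?P<port>\d+))?"
)


def find_c2_hits(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (source_ip, record_kind, reason) for lines that touch the Remcos C2.

    Only the exact host from the extracted config is matched; the parent
    domain is not listed in the report, so it is deliberately not inferred.
    """
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # not a record we understand; skip rather than guess
        if normalise_host(m.group("host")) != C2_HOST:
            continue
        port = int(m.group("port")) if m.group("port") else None
        reason = "c2-host+port" if port == C2_PORT else "c2-host"
        hits.append((m.group("src"), m.group("kind"), reason))
    return hits


# Constructed sample log lines for the demo (not from the sandbox run).
SAMPLE_LOG = [
    "t=1 dns  src=10.0.0.5 host=www.example.com.",
    "t=2 dns  src=10.0.0.5 host=WWW.RMAGENT.BIZ.",
    "t=3 conn src=10.0.0.5 host=www.rmagent.biz port=7181",
    "t=4 conn src=10.0.0.9 host=rmagent.biz port=443",
    "t=5 some unrelated line",
]

if __name__ == "__main__":
    for hit in find_c2_hits(SAMPLE_LOG):
        print("C2 hit:", hit)
    # Hashing a constructed byte string: none of the digests will match the sample.
    print("hash matches:", check_hashes(b"constructed, not the sample"))
```

Matching on the host alone is kept as a weaker signal than host plus port 7181, since a RAT operator can move ports without changing the domain; the distinction lets a detection rule weight the two differently.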

MITRE ATT&CK Matrix

Tactic columns shown on the page (no specific techniques are mapped in this report): Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation.

Tasks

static1

behavioral1: 10/10

behavioral2: 10/10