remcos | 641a1d0d54fc5d0facf1c2c20d1cb54f60705d67b5990b3be3cfcb7e8c1269a4 | Triage

Sharing

General

Target

SecuriteInfo.com.Trojan.GenericKD.45131634.12155.15985
Size

573KB
Sample

201224-w45k8fvdfa
MD5

7b80992176d91fe6ccb5301fb16e3e40
SHA1

77bee4b3b07c367f45ea8ecd87eb65b317900fd9
SHA256

641a1d0d54fc5d0facf1c2c20d1cb54f60705d67b5990b3be3cfcb7e8c1269a4
SHA512

154b6a62df5c058c49ad58ddf0fefedb7675c9e8c06f5a637fd50d9869409772c954271de6f4791b774eb921030afc4d40e50f1523194c86b1c6e795aca258fd

Score

10^/10

remcos persistence rat

Malware Config

Extracted

Family

remcos

C2

whatgodcannotdodoestnotexist.duckdns.org:2889

Targets

- Target
  
  SecuriteInfo.com.Trojan.GenericKD.45131634.12155.15985
- Size
  
  573KB
- MD5
  
  7b80992176d91fe6ccb5301fb16e3e40
- SHA1
  
  77bee4b3b07c367f45ea8ecd87eb65b317900fd9
- SHA256
  
  641a1d0d54fc5d0facf1c2c20d1cb54f60705d67b5990b3be3cfcb7e8c1269a4
- SHA512
  
  154b6a62df5c058c49ad58ddf0fefedb7675c9e8c06f5a637fd50d9869409772c954271de6f4791b774eb921030afc4d40e50f1523194c86b1c6e795aca258fd
Score

10^/10

persistence remcos rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

remcospersistencerat