remcos | c18f07d962d9753b946c6aa1b3af535f55c3cdc15e55fa647546a4cfd09796ca | Triage

Sharing

General

Target

Factura Serfinanza_031796927323_096721_5976158998367620_326563_08900792964825324_20917639155821_pdf.exe
Size

1.1MB
Sample

201228-e5svjtgt3a
MD5

7e0cf5dc618d5b851c465b683184485d
SHA1

c3dc0ab54014b13bd00cdcdf93b46441ca25c83d
SHA256

c18f07d962d9753b946c6aa1b3af535f55c3cdc15e55fa647546a4cfd09796ca
SHA512

61280ad02a0d19dee59b8082fb8ab1362cded538f4737d78d572cd203d547b113adbfae4cebe661667d45d8410fc874134f602dbec8b3e7bd034b184cdbb0610

Score

10^/10

remcos persistence rat

Malware Config

Extracted

Family

remcos

C2

databasepropersonombrecomercialideasearchwords.services:7680

Targets

- Target
  
  Factura Serfinanza_031796927323_096721_5976158998367620_326563_08900792964825324_20917639155821_pdf.exe
- Size
  
  1.1MB
- MD5
  
  7e0cf5dc618d5b851c465b683184485d
- SHA1
  
  c3dc0ab54014b13bd00cdcdf93b46441ca25c83d
- SHA256
  
  c18f07d962d9753b946c6aa1b3af535f55c3cdc15e55fa647546a4cfd09796ca
- SHA512
  
  61280ad02a0d19dee59b8082fb8ab1362cded538f4737d78d572cd203d547b113adbfae4cebe661667d45d8410fc874134f602dbec8b3e7bd034b184cdbb0610
Score

10^/10

remcos persistence rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

remcospersistencerat