remcos | c4474ec3fff006547f07255d6934d846e5a298a97a38aff50fcc95e92ee9dfcb | Triage

Sharing

General

Target

Factura Serfinanza_07333334324_62906820_122421665872145481_0242814_732782006747315187_255836870_pdf.exe
Size

1.1MB
Sample

201228-vw9677k2kx
MD5

9fe8183a8b73cd8f0a6462ff590aefb3
SHA1

b3dec78c3642ccac9b851c42739f8303c5513951
SHA256

c4474ec3fff006547f07255d6934d846e5a298a97a38aff50fcc95e92ee9dfcb
SHA512

42dce59f20635112213bae991889b305b9897138701e8a2f17d853ff385833d1686dcf9daea3aa3726c396cc65f9947eb6b56a4b49c97582e34b57ed37e3f13f

Score

10^/10

remcos persistence rat

Malware Config

Extracted

Family

remcos

C2

databasepropersonombrecomercialideasearchwords.services:7680

Targets

- Target
  
  Factura Serfinanza_07333334324_62906820_122421665872145481_0242814_732782006747315187_255836870_pdf.exe
- Size
  
  1.1MB
- MD5
  
  9fe8183a8b73cd8f0a6462ff590aefb3
- SHA1
  
  b3dec78c3642ccac9b851c42739f8303c5513951
- SHA256
  
  c4474ec3fff006547f07255d6934d846e5a298a97a38aff50fcc95e92ee9dfcb
- SHA512
  
  42dce59f20635112213bae991889b305b9897138701e8a2f17d853ff385833d1686dcf9daea3aa3726c396cc65f9947eb6b56a4b49c97582e34b57ed37e3f13f
Score

10^/10

remcos persistence rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcospersistencerat

behavioral2

remcospersistencerat