remcos | 61a33c157f6d443152b59183411df3573f90af31aacbacf59be8fad94135940b | Triage

Sharing

General

Target

INV_2021354783263530001.exe
Size

718KB
Sample

201230-axbzrt353x
MD5

f9d0a69df4ef34f6477abd5c9eccc814
SHA1

915af938fdd3329ce4ac9fe7af949a1a9b96e600
SHA256

61a33c157f6d443152b59183411df3573f90af31aacbacf59be8fad94135940b
SHA512

422eb9ed75f22120cc8450ab650736630da5a31a34dce73c97690455d4ef406ee16e0aa0b2c4f74759411716d494698cfa83a69ea38ac9b6bcff6dc8ba551164

Score

10^/10

remcos rat

Malware Config

Extracted

Family

remcos

C2

remcos.kolisis.space:7398

Targets

- Target
  
  INV_2021354783263530001.exe
- Size
  
  718KB
- MD5
  
  f9d0a69df4ef34f6477abd5c9eccc814
- SHA1
  
  915af938fdd3329ce4ac9fe7af949a1a9b96e600
- SHA256
  
  61a33c157f6d443152b59183411df3573f90af31aacbacf59be8fad94135940b
- SHA512
  
  422eb9ed75f22120cc8450ab650736630da5a31a34dce73c97690455d4ef406ee16e0aa0b2c4f74759411716d494698cfa83a69ea38ac9b6bcff6dc8ba551164
Score

10^/10

remcos rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2