remcos | 3ce969a94f4bc8dec526e3551626d7e3639bae986304deba85e8f29f039fe345 | Triage

Sharing

General

Target

REMOUOOO9O9.exe
Size

166KB
Sample

201230-ey6q54ekma
MD5

3cb897ca05c3fd89587b17595d902ca8
SHA1

1a0f1e71cfb5f08244384fafc5a17be17fa708e9
SHA256

3ce969a94f4bc8dec526e3551626d7e3639bae986304deba85e8f29f039fe345
SHA512

936f2c6d816cc6740b2f3fc0e7a67086ebc9db7d6e1c26a917d7628921e2487c981bac94c0154a06c7de1eedf8529e9d15840987b43bfaaeca3eeb55aa44bff1

Score

10^/10

remcos rat

Malware Config

Extracted

Family

remcos

C2

45.137.22.52:8780

Targets

- Target
  
  REMOUOOO9O9.exe
- Size
  
  166KB
- MD5
  
  3cb897ca05c3fd89587b17595d902ca8
- SHA1
  
  1a0f1e71cfb5f08244384fafc5a17be17fa708e9
- SHA256
  
  3ce969a94f4bc8dec526e3551626d7e3639bae986304deba85e8f29f039fe345
- SHA512
  
  936f2c6d816cc6740b2f3fc0e7a67086ebc9db7d6e1c26a917d7628921e2487c981bac94c0154a06c7de1eedf8529e9d15840987b43bfaaeca3eeb55aa44bff1
Score

10^/10

remcos rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2