remcos | 1202173f3ce4f49947f8e6554991a320c7a6e5faced43bec6a3bd051d13f7666 | Triage

Submit
Reports

Overview

overview

Static

static

atiflash_293.exe

windows7_x64

8

atiflash_293.exe

windows10_x64

Sharing

General

Target

atiflash_293.exe
Size

2.6MB
Sample

210101-d49m727bcn
MD5

0e9aa72a849986562d22f61e0fd09086
SHA1

410a799cd5ed227384d1aa4e97939dbcc24f0c36
SHA256

1202173f3ce4f49947f8e6554991a320c7a6e5faced43bec6a3bd051d13f7666
SHA512

2bbf1dcf3979ff40c622a0cd0d90f08953f7de0452bf6b49cfbc1c45f570098591b4054bfeceb2b6035de08afe5d5afc787dcc549024c8747aab6d7ff133b596

Score

10^/10

remcos rat

Static task

static1

Behavioral task

behavioral1

Sample

atiflash_293.exe

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

atiflash_293.exe

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

remcos

C2

5.61.56.10:9003

Targets

- Target
  
  atiflash_293.exe
- Size
  
  2.6MB
- MD5
  
  0e9aa72a849986562d22f61e0fd09086
- SHA1
  
  410a799cd5ed227384d1aa4e97939dbcc24f0c36
- SHA256
  
  1202173f3ce4f49947f8e6554991a320c7a6e5faced43bec6a3bd051d13f7666
- SHA512
  
  2bbf1dcf3979ff40c622a0cd0d90f08953f7de0452bf6b49cfbc1c45f570098591b4054bfeceb2b6035de08afe5d5afc787dcc549024c8747aab6d7ff133b596
Score

10^/10

remcos rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- JavaScript code in executable
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy