remcos | 816f26e5b5de1be644fff419718bc3e1b8410a4a9a9f405d8db814e7758608d9 | Triage

Sharing

General

Target

DHL fil.exe
Size

1.7MB
Sample

210104-mx8eg5pagn
MD5

0400ac5d652f38d0b60274ceed2e673a
SHA1

9c4ea3cda7382930907a89dc8c6ad22dcecc0e67
SHA256

816f26e5b5de1be644fff419718bc3e1b8410a4a9a9f405d8db814e7758608d9
SHA512

389776faa311fa1b10e9eda5a0f93898109f73e75214fe1007ea6bb03c87bb26f76506a1828b42825f8ed1d8d4ac3969e4836a628514ae05a99753ce0629bc37

Score

10^/10

remcos rat

Malware Config

Extracted

Family

remcos

C2

u875414.nvpn.to:2404

u875414.duckdns.org:2404

u875414.ddns.net:2404

u875414.nsupdate.info:2404

Targets

- Target
  
  DHL fil.exe
- Size
  
  1.7MB
- MD5
  
  0400ac5d652f38d0b60274ceed2e673a
- SHA1
  
  9c4ea3cda7382930907a89dc8c6ad22dcecc0e67
- SHA256
  
  816f26e5b5de1be644fff419718bc3e1b8410a4a9a9f405d8db814e7758608d9
- SHA512
  
  389776faa311fa1b10e9eda5a0f93898109f73e75214fe1007ea6bb03c87bb26f76506a1828b42825f8ed1d8d4ac3969e4836a628514ae05a99753ce0629bc37
Score

10^/10

remcos rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2