remcos | b67361c9d7c2bcbe7e94b698f4d5abd1e6ffd96429d2c66dcfd92a573303e4f0 | Triage

Sharing

General

Target

DHL1.exe
Size

486KB
Sample

210105-h8band2am2
MD5

769cad9655cea5fd5955cc86b5e0c87d
SHA1

d838dfb733cc4017890c5d036a7517de1e70d3fe
SHA256

b67361c9d7c2bcbe7e94b698f4d5abd1e6ffd96429d2c66dcfd92a573303e4f0
SHA512

f9d5aa31daff55631fbf2402bfdc20dc5503e5423db5f75fdbd2fbe76650cbe1db36e5918c67c1757e41b43b7f0f5bc53fa613595bf955f5447c60c08c216a67

Score

10^/10

remcos rat

Malware Config

Extracted

Family

remcos

C2

u875414.nvpn.to:2404

u875414.duckdns.org:2404

u875414.ddns.net:2404

u875414.nsupdate.info:2404

Targets

- Target
  
  DHL1.exe
- Size
  
  486KB
- MD5
  
  769cad9655cea5fd5955cc86b5e0c87d
- SHA1
  
  d838dfb733cc4017890c5d036a7517de1e70d3fe
- SHA256
  
  b67361c9d7c2bcbe7e94b698f4d5abd1e6ffd96429d2c66dcfd92a573303e4f0
- SHA512
  
  f9d5aa31daff55631fbf2402bfdc20dc5503e5423db5f75fdbd2fbe76650cbe1db36e5918c67c1757e41b43b7f0f5bc53fa613595bf955f5447c60c08c216a67
Score

10^/10

remcos rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2