remcos | dd5db51871d80e537a74830cd124948c870630d86d609e43c7d1f9f93dfab8f2 | Triage

Sharing

General

Target

REAPERPROCESOPOROBLIG8434360001 REAPERPROCESOPOROBLIG8434360002.exe
Size

670KB
Sample

210105-n7fbwpvwdn
MD5

054ce02ef7bd8d194d3aefc66cf3c756
SHA1

97ff911123d1495aeb16aefdd19c0474d7d4cced
SHA256

dd5db51871d80e537a74830cd124948c870630d86d609e43c7d1f9f93dfab8f2
SHA512

5f06fce6ca4837abcf56ab98fdae6e4682033b3571945f7523350f1f83e270d3cfd76308095ccda172b9225166765aa3b6da3091d45f2bac1204f8fa60ae8f2d

Score

10^/10

remcos rat

Malware Config

Extracted

Family

remcos

C2

startup381.duckdns.org:1212

Targets

- Target
  
  REAPERPROCESOPOROBLIG8434360001 REAPERPROCESOPOROBLIG8434360002.exe
- Size
  
  670KB
- MD5
  
  054ce02ef7bd8d194d3aefc66cf3c756
- SHA1
  
  97ff911123d1495aeb16aefdd19c0474d7d4cced
- SHA256
  
  dd5db51871d80e537a74830cd124948c870630d86d609e43c7d1f9f93dfab8f2
- SHA512
  
  5f06fce6ca4837abcf56ab98fdae6e4682033b3571945f7523350f1f83e270d3cfd76308095ccda172b9225166765aa3b6da3091d45f2bac1204f8fa60ae8f2d
Score

10^/10

remcos rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2