remcos | 3d84d2ad35397d5b2b3d482886e2a15551053e903de3fb446704754b48ffa925 | Triage

Submit
Reports

Overview

overview

Static

static

atiflash_293.exe

windows7_x64

8

atiflash_293.exe

windows10_x64

Sharing

General

Target

atiflash_293.exe
Size

3.2MB
Sample

210111-8xvw673nk2
MD5

e6172650b97c48b350630e67e13387d9
SHA1

ad2a2c83d70088b1fe69adb77b8efdccb280be04
SHA256

3d84d2ad35397d5b2b3d482886e2a15551053e903de3fb446704754b48ffa925
SHA512

8a61d1a837c338f09fc21f1bb803ecb3813174015724b4bb69dc4c444086efef3e83702483dc7c41acfb0ea11cdcda7c8585eedfcff485e3c66c70ab65280ac8

Score

10^/10

remcos rat

Static task

static1

Behavioral task

behavioral1

Sample

atiflash_293.exe

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

atiflash_293.exe

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

remcos

C2

94.242.206.175:5883

Targets

- Target
  
  atiflash_293.exe
- Size
  
  3.2MB
- MD5
  
  e6172650b97c48b350630e67e13387d9
- SHA1
  
  ad2a2c83d70088b1fe69adb77b8efdccb280be04
- SHA256
  
  3d84d2ad35397d5b2b3d482886e2a15551053e903de3fb446704754b48ffa925
- SHA512
  
  8a61d1a837c338f09fc21f1bb803ecb3813174015724b4bb69dc4c444086efef3e83702483dc7c41acfb0ea11cdcda7c8585eedfcff485e3c66c70ab65280ac8
Score

10^/10

remcos rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- JavaScript code in executable
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy