remcos | 3e1b557d439ca592c369de0b80c576820f61dcbc12c8babae78f3e30ba34f0af | Triage

Submit
Reports

Overview

overview

Static

static

e8594ea84a...a6.exe

windows7_x64

5

e8594ea84a...a6.exe

windows10_x64

Sharing

General

Target

e8594ea84a7a42ce70570019cff754a6.exe
Size

1.3MB
Sample

210112-2m2c4r9hex
MD5

e8594ea84a7a42ce70570019cff754a6
SHA1

28c61ddbc341aff36ef147f1cb9139b7d055caf1
SHA256

3e1b557d439ca592c369de0b80c576820f61dcbc12c8babae78f3e30ba34f0af
SHA512

2cd119489120dee762c4a7821230f05924e6c99f79d7bc54e0bd4437256ec7526b906fe8f69c959f89ab001a055d6feeaa120e1174998577b17178351c8bf1b9

Score

10^/10

remcos persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

e8594ea84a7a42ce70570019cff754a6.exe

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

e8594ea84a7a42ce70570019cff754a6.exe

Resource

win10v20201028

remcos persistence rat

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

remcos

C2

swryijgrvcsgkopnmcdertvgdswbvmophtfdczxs.ydns.eu:2017

Targets

- Target
  
  e8594ea84a7a42ce70570019cff754a6.exe
- Size
  
  1.3MB
- MD5
  
  e8594ea84a7a42ce70570019cff754a6
- SHA1
  
  28c61ddbc341aff36ef147f1cb9139b7d055caf1
- SHA256
  
  3e1b557d439ca592c369de0b80c576820f61dcbc12c8babae78f3e30ba34f0af
- SHA512
  
  2cd119489120dee762c4a7821230f05924e6c99f79d7bc54e0bd4437256ec7526b906fe8f69c959f89ab001a055d6feeaa120e1174998577b17178351c8bf1b9
Score

10^/10

remcos persistence rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

remcospersistencerat

© 2018-2024

Terms | Privacy