remcos | 5d18283ed1cb2d7e7bd78e87821b3aa2f2ea64b01e28736098a3922fea61fe71 | Triage

Sharing

General

Target

Cotización de factura.exe
Size

175KB
Sample

210112-7t8ha4qjya
MD5

c615c0190a56b52735589ac7bc9a6f9a
SHA1

99dbc59464aac2260b46f3d3dfd6cbaac0dd3bbb
SHA256

5d18283ed1cb2d7e7bd78e87821b3aa2f2ea64b01e28736098a3922fea61fe71
SHA512

ce225236fcbf26bfe76d9d4862e0bacc9d59517c2a832231d76136f7f34640101be861888ad862de1acbf1f2297d33681325e215bc2cfc3f2a227f87712da93a

Score

10^/10

remcos rat

Malware Config

Extracted

Family

remcos

C2

45.137.22.52:8780

Targets

- Target
  
  Cotización de factura.exe
- Size
  
  175KB
- MD5
  
  c615c0190a56b52735589ac7bc9a6f9a
- SHA1
  
  99dbc59464aac2260b46f3d3dfd6cbaac0dd3bbb
- SHA256
  
  5d18283ed1cb2d7e7bd78e87821b3aa2f2ea64b01e28736098a3922fea61fe71
- SHA512
  
  ce225236fcbf26bfe76d9d4862e0bacc9d59517c2a832231d76136f7f34640101be861888ad862de1acbf1f2297d33681325e215bc2cfc3f2a227f87712da93a
Score

10^/10

remcos rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2