remcos | ed8b7563a60bab9c7a5e4b7a79bb01fa744000fdc3a3bfab837418190d22752e | Triage

Sharing

General

Target

December SOA.exe
Size

942KB
Sample

210112-h3e6x2h7kn
MD5

196f910a3335186350701c40afd852b7
SHA1

41461908d87d6ce39eebba80aea20bcd2fbfd8c0
SHA256

ed8b7563a60bab9c7a5e4b7a79bb01fa744000fdc3a3bfab837418190d22752e
SHA512

3a058f8d08e3a3d5da211eb8c05d92eb259a424100df11974156f9e90a2d9c662c23bddee2c9ff7c81bc2d860a9fc98c52e35d1b2087601379d7e1680b79b483

Score

10^/10

remcos rat

Malware Config

Extracted

Family

remcos

C2

194.5.97.66:1840

Targets

- Target
  
  December SOA.exe
- Size
  
  942KB
- MD5
  
  196f910a3335186350701c40afd852b7
- SHA1
  
  41461908d87d6ce39eebba80aea20bcd2fbfd8c0
- SHA256
  
  ed8b7563a60bab9c7a5e4b7a79bb01fa744000fdc3a3bfab837418190d22752e
- SHA512
  
  3a058f8d08e3a3d5da211eb8c05d92eb259a424100df11974156f9e90a2d9c662c23bddee2c9ff7c81bc2d860a9fc98c52e35d1b2087601379d7e1680b79b483
Score

10^/10

remcos rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2