remcos | bce5cf4569147481b12df6d6448ecc1604a5ca28b76c49095b899f934f63cdfa | Triage

Sharing

General

Target

090000090000-090.exe
Size

181KB
Sample

210112-l38x2yeg1s
MD5

8e30502bf5d0d0f2c3a7b61903027beb
SHA1

fba36fc112c0ace8c4261317a49988959464adb9
SHA256

bce5cf4569147481b12df6d6448ecc1604a5ca28b76c49095b899f934f63cdfa
SHA512

ae7a09f73a900667ac5f388aef54758f9bef8edcb4606f42ffc25e9a0f3f9347bdbd3b1e591805a3c979ceb2f61b9a6aa48c1c0f1ac1e2c7d7c71a066c7d9177

Score

10^/10

remcos rat

Malware Config

Extracted

Family

remcos

C2

45.137.22.52:8780

Targets

- Target
  
  090000090000-090.exe
- Size
  
  181KB
- MD5
  
  8e30502bf5d0d0f2c3a7b61903027beb
- SHA1
  
  fba36fc112c0ace8c4261317a49988959464adb9
- SHA256
  
  bce5cf4569147481b12df6d6448ecc1604a5ca28b76c49095b899f934f63cdfa
- SHA512
  
  ae7a09f73a900667ac5f388aef54758f9bef8edcb4606f42ffc25e9a0f3f9347bdbd3b1e591805a3c979ceb2f61b9a6aa48c1c0f1ac1e2c7d7c71a066c7d9177
Score

10^/10

remcos rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2