remcos | baac57b1f64f5d6e9eeadc84424db056fe253119f0f1bf4b2f2b55f940bce4ab | Triage

Submit
Reports

Overview

overview

Static

static

2021 NEW P...T.xlsx

windows7_x64

2021 NEW P...T.xlsx

windows10_x64

1

Sharing

General

Target

2021 NEW PURCHASE REQUIREMENT.xlsx
Size

1.4MB
Sample

210113-dh486kskcj
MD5

c12a39b32626cd2b4ca80d41ffa7a24c
SHA1

2105a2bc2161e9adfa0d3e087e43a466b9f5df58
SHA256

baac57b1f64f5d6e9eeadc84424db056fe253119f0f1bf4b2f2b55f940bce4ab
SHA512

f9a0ed261feea72e6bc128475db4ae5f239ade26937f1b5a645ad5c8d7face344c8ba3a90fbed5679bcd19207e66a52e2cebd5ed210b82d6590eb10a7486ea22

Score

10^/10

remcos persistence rat

Static task

static1

Behavioral task

behavioral1

Sample

2021 NEW PURCHASE REQUIREMENT.xlsx

Resource

win7v20201028

remcos persistence rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

2021 NEW PURCHASE REQUIREMENT.xlsx

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

remcos

C2

swryijgrvcsgkopnmcdertvgdswbvmophtfdczxs.ydns.eu:2017

Targets

- Target
  
  2021 NEW PURCHASE REQUIREMENT.xlsx
- Size
  
  1.4MB
- MD5
  
  c12a39b32626cd2b4ca80d41ffa7a24c
- SHA1
  
  2105a2bc2161e9adfa0d3e087e43a466b9f5df58
- SHA256
  
  baac57b1f64f5d6e9eeadc84424db056fe253119f0f1bf4b2f2b55f940bce4ab
- SHA512
  
  f9a0ed261feea72e6bc128475db4ae5f239ade26937f1b5a645ad5c8d7face344c8ba3a90fbed5679bcd19207e66a52e2cebd5ed210b82d6590eb10a7486ea22
Score

10^/10

remcos persistence rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Exploitation for Client Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcospersistencerat

behavioral2

© 2018-2024

Terms | Privacy