remcos | 4e9dc740909974e7e5c1f5618bfba6192ada1ab988173685a50280bb4d232a5f | Triage

Sharing

General

Target

2CBPOfVTs5QeG8Z.exe
Size

725KB
Sample

210113-s7cagy9ka2
MD5

7b709e3928fa5d957244a6620d546a7e
SHA1

fd6f4702fe9bcdcfc9555f50b2917ff6ca00ba12
SHA256

4e9dc740909974e7e5c1f5618bfba6192ada1ab988173685a50280bb4d232a5f
SHA512

4ecfad7f2221a1d37997aa40fc45bfb88a2630021cc3506b1c641a18913fb5944508f31f80f6b0d297031e3349d6a5034bb72c2a5ece181ce841576326faf970

Score

10^/10

remcos rat

Malware Config

Extracted

Family

remcos

C2

185.244.26.208:29100

Targets

- Target
  
  2CBPOfVTs5QeG8Z.exe
- Size
  
  725KB
- MD5
  
  7b709e3928fa5d957244a6620d546a7e
- SHA1
  
  fd6f4702fe9bcdcfc9555f50b2917ff6ca00ba12
- SHA256
  
  4e9dc740909974e7e5c1f5618bfba6192ada1ab988173685a50280bb4d232a5f
- SHA512
  
  4ecfad7f2221a1d37997aa40fc45bfb88a2630021cc3506b1c641a18913fb5944508f31f80f6b0d297031e3349d6a5034bb72c2a5ece181ce841576326faf970
Score

10^/10

remcos rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2