remcos | 3f416eb40a2f3043bb0e16cc684a3cecdae3fee9f340e4adf9ddb700e4bf2cfd | Triage

Sharing

General

Target

DHL Delivery Shipping, PDF.exe
Size

991KB
Sample

210113-zbcmz7926e
MD5

43df80ded0aa1f92951742b2dc2b916e
SHA1

0d37d5f1876431cd0345f72770e38302d07b194b
SHA256

3f416eb40a2f3043bb0e16cc684a3cecdae3fee9f340e4adf9ddb700e4bf2cfd
SHA512

16216eaa505ffb11ecd0b61b50387fe242079dcc17158dc783df6c08d9884eeac4612a6586450a7957c2d425e1957905ca023d0733137844615577205e6ed338

Score

10^/10

remcos rat

Malware Config

Extracted

Family

remcos

C2

mikegrace2021.ddns.net:1999

Targets

- Target
  
  DHL Delivery Shipping, PDF.exe
- Size
  
  991KB
- MD5
  
  43df80ded0aa1f92951742b2dc2b916e
- SHA1
  
  0d37d5f1876431cd0345f72770e38302d07b194b
- SHA256
  
  3f416eb40a2f3043bb0e16cc684a3cecdae3fee9f340e4adf9ddb700e4bf2cfd
- SHA512
  
  16216eaa505ffb11ecd0b61b50387fe242079dcc17158dc783df6c08d9884eeac4612a6586450a7957c2d425e1957905ca023d0733137844615577205e6ed338
Score

10^/10

remcos rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2