remcos | 0c873ba18e7449a4e0110dbef0fce6cbe36ce0649a743d84675800bb2caa1938 | Triage

Sharing

General

Target

0000090000902021.exe
Size

354KB
Sample

210115-9wfcxmgzme
MD5

4decfb66c5f4b06dfd047292f6e18d7c
SHA1

0d0d42946b325aba13e75514513e363601582815
SHA256

0c873ba18e7449a4e0110dbef0fce6cbe36ce0649a743d84675800bb2caa1938
SHA512

58f8bc7145d997eb3a67890f5c5a94889e564df64aea86f6fd31af9185b9da466d5bc1927feb31743a1fa00c707d1b8e6fc046f3beeb881413076d85f26f1050

Score

10^/10

remcos rat

Malware Config

Extracted

Family

remcos

C2

72.11.157.241:4445

Targets

- Target
  
  0000090000902021.exe
- Size
  
  354KB
- MD5
  
  4decfb66c5f4b06dfd047292f6e18d7c
- SHA1
  
  0d0d42946b325aba13e75514513e363601582815
- SHA256
  
  0c873ba18e7449a4e0110dbef0fce6cbe36ce0649a743d84675800bb2caa1938
- SHA512
  
  58f8bc7145d997eb3a67890f5c5a94889e564df64aea86f6fd31af9185b9da466d5bc1927feb31743a1fa00c707d1b8e6fc046f3beeb881413076d85f26f1050
Score

10^/10

remcos rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2