remcos | defe000395c5932a94450bd21a142a954d5113da26ee5127e8cab0980a62b042 | Triage

Sharing

General

Target

TASK RFQ TK011521.exe
Size

901KB
Sample

210115-dxfs5emyvn
MD5

9618ffdc9d54fb0d153fb47e7e323983
SHA1

c3da94a42035f6b913ea6cd2b2e477bd8a71787d
SHA256

defe000395c5932a94450bd21a142a954d5113da26ee5127e8cab0980a62b042
SHA512

67cbb8bb38278b3c6fbf974092cc77b7d17902c89a6d09d5ece7f84f7eda259b28f7ba9362f4c1a111b0d7b1205724a8d7ff21d2ca599d1eeafc0b6032fc435e

Score

10^/10

remcos rat

Malware Config

Extracted

Family

remcos

C2

jackpiaau.duckdns.org:4902

ihechi.ddns.net:4902

Targets

- Target
  
  TASK RFQ TK011521.exe
- Size
  
  901KB
- MD5
  
  9618ffdc9d54fb0d153fb47e7e323983
- SHA1
  
  c3da94a42035f6b913ea6cd2b2e477bd8a71787d
- SHA256
  
  defe000395c5932a94450bd21a142a954d5113da26ee5127e8cab0980a62b042
- SHA512
  
  67cbb8bb38278b3c6fbf974092cc77b7d17902c89a6d09d5ece7f84f7eda259b28f7ba9362f4c1a111b0d7b1205724a8d7ff21d2ca599d1eeafc0b6032fc435e
Score

10^/10

remcos rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2