remcos | a81dc80c4e292405023f9c59504e55045ca754901cd06185d041642ce91a33b2 | Triage

Sharing

General

Target

HESAP BILGISI.PDF.exe
Size

361KB
Sample

210115-e232les5la
MD5

0b3fd095b95a6e7ff50a33e9bd83af8d
SHA1

e8910f1987f3c2b39b37885790aea305c8e09fec
SHA256

a81dc80c4e292405023f9c59504e55045ca754901cd06185d041642ce91a33b2
SHA512

3dda5d4cd455034b8035985e2c783d7f2a8cb084ccf20dea04245c94368aff2053dab688c4512c51a127bce259aef485847ac2ebee86b66b1895e3300fa0c8d9

Score

10^/10

remcos rat

Malware Config

Extracted

Family

remcos

C2

72.11.157.241:4445

Targets

- Target
  
  HESAP BILGISI.PDF.exe
- Size
  
  361KB
- MD5
  
  0b3fd095b95a6e7ff50a33e9bd83af8d
- SHA1
  
  e8910f1987f3c2b39b37885790aea305c8e09fec
- SHA256
  
  a81dc80c4e292405023f9c59504e55045ca754901cd06185d041642ce91a33b2
- SHA512
  
  3dda5d4cd455034b8035985e2c783d7f2a8cb084ccf20dea04245c94368aff2053dab688c4512c51a127bce259aef485847ac2ebee86b66b1895e3300fa0c8d9
Score

10^/10

remcos rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2