remcos | 999c9e17b0d164a69bb0224a1231420577b2a4283579e59572f90c32d4daade2 | Triage

Sharing

General

Target

a3a675373e72c1f35bc333f988a3b754.exe
Size

5.0MB
Sample

210117-734nv1a612
MD5

a3a675373e72c1f35bc333f988a3b754
SHA1

9c86091fb649b59959b2f3d8eccfca26e6b2c78a
SHA256

999c9e17b0d164a69bb0224a1231420577b2a4283579e59572f90c32d4daade2
SHA512

7e973d147bb0f0ba1f85c855cd531a78b3198fb90dd5c43f4b0765a72a5e75819c0954b99e158327eeba4645e07454e8505f34a159c73deb256f71c00ffdcbd2

Score

10^/10

remcos persistence rat spyware

Malware Config

Extracted

Family

remcos

C2

ezisec.duckdns.org:2929

38.68.53.190:2929

Targets

- Target
  
  a3a675373e72c1f35bc333f988a3b754.exe
- Size
  
  5.0MB
- MD5
  
  a3a675373e72c1f35bc333f988a3b754
- SHA1
  
  9c86091fb649b59959b2f3d8eccfca26e6b2c78a
- SHA256
  
  999c9e17b0d164a69bb0224a1231420577b2a4283579e59572f90c32d4daade2
- SHA512
  
  7e973d147bb0f0ba1f85c855cd531a78b3198fb90dd5c43f4b0765a72a5e75819c0954b99e158327eeba4645e07454e8505f34a159c73deb256f71c00ffdcbd2
Score

10^/10

remcos persistence rat spyware
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

remcospersistenceratspyware

behavioral2

remcospersistenceratspyware