remcos | f8b5e14a549989e51f567b5a7be04f6187d7bd4067e957e66152ecbf73893a47 | Triage

Sharing

General

Target

MC International Trading - products list.exe
Size

1.0MB
Sample

210118-5plechzzg2
MD5

1749cf9fe03ca7ee146bf316831f01b2
SHA1

c87d534728d266847e4a7665d82c4a9553c60ccc
SHA256

f8b5e14a549989e51f567b5a7be04f6187d7bd4067e957e66152ecbf73893a47
SHA512

1a6b0be1b92493698ced5e663fa0fa3811ef9ca897d029d1c98c698e680f110f4c548f7bc5f13d5d987b359991dfada6e1f81e2fbc715ec98160d4de6c87b317

Score

10^/10

remcos rat

Malware Config

Extracted

Family

remcos

C2

185.136.171.240:4044

Targets

- Target
  
  MC International Trading - products list.exe
- Size
  
  1.0MB
- MD5
  
  1749cf9fe03ca7ee146bf316831f01b2
- SHA1
  
  c87d534728d266847e4a7665d82c4a9553c60ccc
- SHA256
  
  f8b5e14a549989e51f567b5a7be04f6187d7bd4067e957e66152ecbf73893a47
- SHA512
  
  1a6b0be1b92493698ced5e663fa0fa3811ef9ca897d029d1c98c698e680f110f4c548f7bc5f13d5d987b359991dfada6e1f81e2fbc715ec98160d4de6c87b317
Score

10^/10

remcos rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2