remcos | 97c1693cc21829a1b2139d13bc9b21a47555b18d6dc8943c4804890f1ab3b25c | Triage

Submit
Reports

Overview

overview

Static

static

SecuriteIn...90.exe

windows7_x64

SecuriteIn...90.exe

windows10_x64

Sharing

General

Target

SecuriteInfo.com.Trojan.Siggen11.58832.24978.21590
Size

651KB
Sample

210118-esz6sd76me
MD5

d0b73f883fdd6cc9097028375fdc6231
SHA1

786826282e4f20076f50b7648e45ca1df856dd12
SHA256

97c1693cc21829a1b2139d13bc9b21a47555b18d6dc8943c4804890f1ab3b25c
SHA512

6c76cacd033b503d54d260f69ba370117f46c0b2fd72f6e9851e73d17d6966ffd1bceb655b3df029a5661275a14702c0b1d6094aac12480291199f963235c91c

Score

10^/10

remcos persistence rat spyware

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.Trojan.Siggen11.58832.24978.21590.exe

Resource

win7v20201028

remcos persistence rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.Trojan.Siggen11.58832.24978.21590.exe

Resource

win10v20201028

remcos persistence rat spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

remcos

C2

push4me.freeddns.org:1814

Targets

- Target
  
  SecuriteInfo.com.Trojan.Siggen11.58832.24978.21590
- Size
  
  651KB
- MD5
  
  d0b73f883fdd6cc9097028375fdc6231
- SHA1
  
  786826282e4f20076f50b7648e45ca1df856dd12
- SHA256
  
  97c1693cc21829a1b2139d13bc9b21a47555b18d6dc8943c4804890f1ab3b25c
- SHA512
  
  6c76cacd033b503d54d260f69ba370117f46c0b2fd72f6e9851e73d17d6966ffd1bceb655b3df029a5661275a14702c0b1d6094aac12480291199f963235c91c
Score

10^/10

remcos persistence rat spyware
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

remcospersistencerat

behavioral2

remcospersistenceratspyware

© 2018-2024

Terms | Privacy