remcos | ef72ed441c71a243e87b94b8cf265b1d8bc6205dddc51cbd86b252430a6f495a | Triage

Submit
Reports

Overview

overview

Static

static

OverdriveN...ol.exe

windows7_x64

8

OverdriveN...ol.exe

windows10_x64

Sharing

General

Target

OverdriveNTool 0.2.8.zip
Size

5.9MB
Sample

210118-gv8ajazb8a
MD5

c8824c5761a3fbe47dabc0cde130b1d7
SHA1

35cf87529505999a3810fb66dcd2318c9a1f6422
SHA256

ef72ed441c71a243e87b94b8cf265b1d8bc6205dddc51cbd86b252430a6f495a
SHA512

b79f1c20e0653a0a361ea2b9277062cba216b96ceea83f795d0a20c2aea1671a56b4618ae3dcdacf1fce9db031098022d13f127f3c1e0945f2d19331a8190961

Score

10^/10

remcos rat

Static task

static1

Behavioral task

behavioral1

Sample

OverdriveNTool 0.2.8/OverdriveNTool.exe

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

OverdriveNTool 0.2.8/OverdriveNTool.exe

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

remcos

C2

5.45.87.29:8000

Targets

- Target
  
  OverdriveNTool 0.2.8/OverdriveNTool.exe
- Size
  
  3.0MB
- MD5
  
  791cfdc666b5c26233e23ebfe588064a
- SHA1
  
  781b30041f7a9dfbd2050e1f9514e3c946b751c4
- SHA256
  
  26101a6e025abc1a65c1675503f45a6d067198af56901960dd1b019fbfdacb01
- SHA512
  
  a59a5931212086b0a252685daaab36136336a51ed8811d7285245e34b803247b25ee116b65346efa698a7eb8793992a7826cf5cd51ac81329630ec9e6394d84f
Score

10^/10

remcos rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy