remcos | af5e020c1ac3f3590036495b28ebad3153c66986da343142db222a5df5d42b2d | Triage

Sharing

General

Target

Urgent order 1812021-672 Q30721,pdf.exe
Size

888KB
Sample

210118-vrns7g5nfx
MD5

5f4f037e04be43a34b342e4e481e1a90
SHA1

3fdada0e5c3a0e73f38f5b5bc16c13323ad30ff4
SHA256

af5e020c1ac3f3590036495b28ebad3153c66986da343142db222a5df5d42b2d
SHA512

172f0130ac9d93ca31ba0af555cf8314d94be50cdba9b4ad0278a1d866d028e84020df95269ad56274621d3671d9871c85d8543d17fa6591694febf417e33a89

Score

10^/10

remcos rat

Malware Config

Extracted

Family

remcos

C2

goddywin.freedynamicdns.net:2525

Targets

- Target
  
  Urgent order 1812021-672 Q30721,pdf.exe
- Size
  
  888KB
- MD5
  
  5f4f037e04be43a34b342e4e481e1a90
- SHA1
  
  3fdada0e5c3a0e73f38f5b5bc16c13323ad30ff4
- SHA256
  
  af5e020c1ac3f3590036495b28ebad3153c66986da343142db222a5df5d42b2d
- SHA512
  
  172f0130ac9d93ca31ba0af555cf8314d94be50cdba9b4ad0278a1d866d028e84020df95269ad56274621d3671d9871c85d8543d17fa6591694febf417e33a89
Score

10^/10

remcos rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2