remcos | e5e175d048cc13ee35ae2c222be3eafe67d39be6422ca696ff40c91533d6c3b0 | Triage

Submit
Reports

Overview

overview

Static

static

ORDER #7507,pdf.exe

windows7_x64

ORDER #7507,pdf.exe

windows10_x64

Sharing

General

Target

ORDER #7507,pdf.exe
Size

1.5MB
Sample

210120-bm47pf3s1n
MD5

e5a7617cbb86629d7a1e3eb7d69fea95
SHA1

527438c49f88d639e29e434cabc8a22a9b511cda
SHA256

e5e175d048cc13ee35ae2c222be3eafe67d39be6422ca696ff40c91533d6c3b0
SHA512

996e7d32689f18503bcd033ddb753aa8dc5853f1cd9e5cf3c7f73990a814dbbcb9be1f67e6835e34a710d34eddb6da0bfb1942f0bd6fcffb47041b497cc2f095

Score

10^/10

remcos rat

Static task

static1

Behavioral task

behavioral1

Sample

ORDER #7507,pdf.exe

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ORDER #7507,pdf.exe

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

remcos

C2

movement2020.ddns.net:6735

Targets

- Target
  
  ORDER #7507,pdf.exe
- Size
  
  1.5MB
- MD5
  
  e5a7617cbb86629d7a1e3eb7d69fea95
- SHA1
  
  527438c49f88d639e29e434cabc8a22a9b511cda
- SHA256
  
  e5e175d048cc13ee35ae2c222be3eafe67d39be6422ca696ff40c91533d6c3b0
- SHA512
  
  996e7d32689f18503bcd033ddb753aa8dc5853f1cd9e5cf3c7f73990a814dbbcb9be1f67e6835e34a710d34eddb6da0bfb1942f0bd6fcffb47041b497cc2f095
Score

10^/10

remcos rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy