remcos | fb5c2112d88972425668484c43e86f94411409fe36489084e7a8a71250a68988 | Triage

Submit
Reports

Overview

overview

Static

static

NUEVO PEDI...df.exe

windows7_x64

NUEVO PEDI...df.exe

windows10_x64

Sharing

General

Target

NUEVO PEDIDO #7507,pdf.exe
Size

1.5MB
Sample

210121-edrk83ngga
MD5

b04aded95ad29e8cd681e53560f528c9
SHA1

ed24198ede4e1c4aaa4454c320f55781a9f922cd
SHA256

fb5c2112d88972425668484c43e86f94411409fe36489084e7a8a71250a68988
SHA512

f34e9b7e2bd2b1a5cbb661816e61a90dcc0cb8e1aa42d59e4c5342707f08cd54c0a43b2727bb73abbb32243c8644fd0842d980c91ad8825295b569395acb01b8

Score

10^/10

remcos rat

Static task

static1

Behavioral task

behavioral1

Sample

NUEVO PEDIDO #7507,pdf.exe

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

NUEVO PEDIDO #7507,pdf.exe

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

remcos

C2

movement2020.ddns.net:6735

Targets

- Target
  
  NUEVO PEDIDO #7507,pdf.exe
- Size
  
  1.5MB
- MD5
  
  b04aded95ad29e8cd681e53560f528c9
- SHA1
  
  ed24198ede4e1c4aaa4454c320f55781a9f922cd
- SHA256
  
  fb5c2112d88972425668484c43e86f94411409fe36489084e7a8a71250a68988
- SHA512
  
  f34e9b7e2bd2b1a5cbb661816e61a90dcc0cb8e1aa42d59e4c5342707f08cd54c0a43b2727bb73abbb32243c8644fd0842d980c91ad8825295b569395acb01b8
Score

10^/10

remcos rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy