remcos | 33cca7e1dc5f3871bdbaa2bd663671a8add0f46a6c56f5ff0b039e3cc0f41af5 | Triage

Submit
Reports

Overview

overview

Static

static

SecuriteIn...97.exe

windows7_x64

SecuriteIn...97.exe

windows10_x64

Sharing

General

Target

SecuriteInfo.com.Generic.mg.3d63c204511f1851.31197
Size

1.3MB
Sample

210121-rqsl1x8lfj
MD5

3d63c204511f18510049d2fba3047d8d
SHA1

64aac8da141a21ddb1a66616764f9e15eb6d565f
SHA256

33cca7e1dc5f3871bdbaa2bd663671a8add0f46a6c56f5ff0b039e3cc0f41af5
SHA512

67209b1dbd84ead09ed19003dcb1d6be0665214c23eda836d3607a520b2f1b9efbaeb79bb7ad4ef5c34efeef23fedde670bf51ff4552ef077e20257d28145eaa

Score

10^/10

remcos persistence ransomware rat

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.Generic.mg.3d63c204511f1851.31197.exe

Resource

win7v20201028

remcos persistence ransomware rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.Generic.mg.3d63c204511f1851.31197.exe

Resource

win10v20201028

remcos persistence ransomware rat

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

remcos

C2

wedsazxcvfghyuiokjhbnvfcdsaweyplmhbvrtud.ydns.eu:1996

Targets

- Target
  
  SecuriteInfo.com.Generic.mg.3d63c204511f1851.31197
- Size
  
  1.3MB
- MD5
  
  3d63c204511f18510049d2fba3047d8d
- SHA1
  
  64aac8da141a21ddb1a66616764f9e15eb6d565f
- SHA256
  
  33cca7e1dc5f3871bdbaa2bd663671a8add0f46a6c56f5ff0b039e3cc0f41af5
- SHA512
  
  67209b1dbd84ead09ed19003dcb1d6be0665214c23eda836d3607a520b2f1b9efbaeb79bb7ad4ef5c34efeef23fedde670bf51ff4552ef077e20257d28145eaa
Score

10^/10

remcos persistence ransomware rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  ransomware
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

remcospersistenceransomwarerat

behavioral2

remcospersistenceransomwarerat

© 2018-2024

Terms | Privacy