remcos | 3fcd62fac62aa9429edf5bbf7d4fb33bccfd39b1e7f009fb9609448371a01a49 | Triage

Submit
Reports

Overview

overview

Static

static

PolarisBio...or.exe

windows7_x64

PolarisBio...or.exe

windows10_x64

Sharing

General

Target

PolarisBiosEditor 1.7.2.zip
Size

2.1MB
Sample

210123-bfyzkjhfta
MD5

6da1bac338854a4412c0c0012fc6718d
SHA1

61cda046b241be87a27f0a5e1b6c7813a10904a2
SHA256

3fcd62fac62aa9429edf5bbf7d4fb33bccfd39b1e7f009fb9609448371a01a49
SHA512

2ce8ed5f585e2056bff22f0488e7e89bf7c9ec35803d2659b5b1a1cde66f669eb7f1384fc26ba363104b5e6139ed81483c38b385900f3bc09ecd71936158f881

Score

10^/10

remcos ransomware rat

Static task

static1

Behavioral task

behavioral1

Sample

PolarisBiosEditor 1.7.2/PolarisBiosEditor.exe

Resource

win7v20201028

remcos ransomware rat

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

PolarisBiosEditor 1.7.2/PolarisBiosEditor.exe

Resource

win10v20201028

remcos ransomware rat

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

remcos

C2

37.252.11.23:5858

Targets

- Target
  
  PolarisBiosEditor 1.7.2/PolarisBiosEditor.exe
- Size
  
  2.5MB
- MD5
  
  9e0fda5c54adcedc3182e76165a19796
- SHA1
  
  3c343ca9fbdf93f8bac79ca854e150a3dffb2a88
- SHA256
  
  1ef35cbc0d1d5cba4a2504862c79c4e5147007d1c1e0f2a9c6ebf6c8f18461eb
- SHA512
  
  a8b1d1637085b700ae92d6861448522c45d7f78763241fe6b66137dd427e29ae70c9351ff72ad0e3d88edb37516f92f07ea4aeed44fa36fc6c9461999e48e34c
Score

10^/10

remcos ransomware rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcosransomwarerat

behavioral2

remcosransomwarerat

© 2018-2024

Terms | Privacy