remcos | bf7284523c8cb05567f3bfd8e746d35a05589fdf7925cf15eb3c62c1304c4f2a | Triage

Sharing

General

Target

SecuriteInfo.com.Trojan.DownLoader36.37095.24479.29903
Size

824KB
Sample

210124-9k15xxhpqe
MD5

3f802c0c44f93d751d4f34b7597cbbb2
SHA1

0e1b321254b9d8e9e2a0ae2eade52612c953e250
SHA256

bf7284523c8cb05567f3bfd8e746d35a05589fdf7925cf15eb3c62c1304c4f2a
SHA512

49d23be1484f0e2fca2c524692d96fe8928470da98c11fd367b1439ea3786d26ce9ae9ef384f4084812185f06d2eb762e362d3339cef9ab9c7f351793aa075f7

Score

10^/10

remcos persistence rat

Malware Config

Extracted

Family

remcos

C2

nothinglike.ac.ug:6969

brudfascaqezd.ac.ug:6969

Targets

- Target
  
  SecuriteInfo.com.Trojan.DownLoader36.37095.24479.29903
- Size
  
  824KB
- MD5
  
  3f802c0c44f93d751d4f34b7597cbbb2
- SHA1
  
  0e1b321254b9d8e9e2a0ae2eade52612c953e250
- SHA256
  
  bf7284523c8cb05567f3bfd8e746d35a05589fdf7925cf15eb3c62c1304c4f2a
- SHA512
  
  49d23be1484f0e2fca2c524692d96fe8928470da98c11fd367b1439ea3786d26ce9ae9ef384f4084812185f06d2eb762e362d3339cef9ab9c7f351793aa075f7
Score

10^/10

remcos persistence rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcospersistencerat

behavioral2

remcospersistencerat