remcos | 2b1530546744e05fc3e002b3db398e90449e6eab2aa259a691f5fb5d7bf49664 | Triage

Sharing

General

Target

Alıntı.exe
Size

830KB
Sample

210125-ca68brdvk6
MD5

cb6f7aa8475416055d6a363c4c0617dd
SHA1

ceb31f102bd5d5bf63da93db0c44936b411de2e0
SHA256

2b1530546744e05fc3e002b3db398e90449e6eab2aa259a691f5fb5d7bf49664
SHA512

eb525403949ad3715c20183a4f5140f21a63b88895bc6ed9333f7684f43f409e6c14e956a6256df35526fa885a1a2ba719d2a006475e281d1f1c75a2c9727af1

Score

10^/10

remcos persistence rat

Malware Config

Extracted

Family

remcos

C2

whatgodcannotdodoestnotexist.duckdns.org:2559

Targets

- Target
  
  Alıntı.exe
- Size
  
  830KB
- MD5
  
  cb6f7aa8475416055d6a363c4c0617dd
- SHA1
  
  ceb31f102bd5d5bf63da93db0c44936b411de2e0
- SHA256
  
  2b1530546744e05fc3e002b3db398e90449e6eab2aa259a691f5fb5d7bf49664
- SHA512
  
  eb525403949ad3715c20183a4f5140f21a63b88895bc6ed9333f7684f43f409e6c14e956a6256df35526fa885a1a2ba719d2a006475e281d1f1c75a2c9727af1
Score

10^/10

remcos persistence rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

remcospersistencerat

behavioral2

remcospersistencerat